Abstract

It is impossible to add a combinator to PCF to achieve full abstraction for models such as
Berry's stable domains in a way analogous to the addition of the "parallel-or" combinator
that achieves full abstraction for the familiar cpo model. In particular, we define a general
notion of rewriting system of the kind used for evaluating simply typed λ-terms in Scott's
PCF. Any simply typed λ-calculus with such a "PCF-like" rewriting semantics is shown
necessarily to satisfy Milner's Context Lemma. A simple argument demonstrates that
any denotational semantics that is adequate for PCF, and in which certain simple Boolean
functionals exist, cannot be fully abstract for any extension of PCF satisfying the Context
Lemma. An immediate corollary is that stable domains cannot be fully abstract for any
extension of PCF definable by PCF-like rules.
1 Introduction

A paradigmatic example of a functional programming language is PCF, Scott's simply
typed λ-calculus for recursive functions on the integers [32]. Many categories of deno-
tational meaning are known to adequately reflect the computational behavior of PCF in
a precise technical sense, namely, a PCF term evaluates to the numeral n iff it means
the integer n. But typically there are pairs of terms with distinct meanings that never-
theless are computationally indistinguishable in PCF. For example, with the semantics
based on cpo's, PCF must be extended with a "parallel-or" combinator in order to express
enough computations to be fully abstract, i.e., semantical distinctions and computational
distinctions between terms coincide [31, 30].

The problem of characterizing a fully abstract model of unextended PCF remains open 
after nearly two decades, cf. [27, 8, 28, 36]. Efforts to construct spaces of "sequential" 
functions corresponding to those definable in the original PCF without parallelism have 
led to the discovery of a number of new domains suitable for denotational semantics. 
Although none are fully abstract for PCF, one motivation for the development of spaces 
such as the stable functions, bistable functions, sequential algorithms [5, 4, 8, 7, 15], and 
most recently the strongly stable functions [13] was that they captured various aspects 
of sequentiality and so seemed "closer" to full abstraction for unextended PCF than the 
popular cpo model. 

The stable function model in particular has a simple definition and attractive category-
theoretic properties. Its only apparent technical peculiarity is that stable domains of
functions are not partially ordered pointwise; in general, the stable ordering strictly re-
fines the pointwise ordering. Nevertheless, just as for the cpo model, the elements of
stable domains of type σ → τ are actually total functions from elements of type σ to
elements of type τ. Likewise, there is a natural notion of finite and effective elements of
stable domains, and these domains yield an adequate least fixed-point model for PCF.
Further, they form a Cartesian Closed Category with solutions for domain equations [5].
This category was also independently discovered and used in constructing a model of
polymorphic λ-calculus [16]. So the stable domains seem to offer a setting for a theory
for higher-order recursive computation with many of the attractions of the cpo category.

However, one important result about cpo's is not known for stable domains, namely,
full abstraction with respect to some extension of PCF analogous to the parallel-or ex-
tension which Plotkin and Sazonov provided for the cpo model. What might a symbolic
evaluator for an extended PCF look like if it were well matched — fully abstract — with the
stable model? We conclude that such an evaluator will have to be unusual looking: it
cannot be specified by the kind of term-rewriting based evaluation rules known for PCF
and its extensions.

The significance of this negative result hinges heavily on how drastic we judge it to
go beyond the scope of PCF-like rules. It is of course possible that some operational
behavior that we declare to be non-PCF-like, in our technical sense, will nevertheless
offer a useful extension of PCF for which stable domains are fully abstract. For example,
Bloom [10] provides such an extension for complete lattice models, though he goes on to
criticize the rather complex algorithmic specification of the combinators in his extension.
(The general benefits of structured approaches to operational semantics and connections
to full abstraction are discussed in [26, 11].)

To illustrate the generality of our notion of PCF-like rules, we note that the standard
extensions of PCF by parallel-or and existential combinators are easily seen to be PCF-
like. For example, we can define an evaluator for Plotkin's ∃ constant [30] while remaining
within a term rewriting discipline, as follows. Let p : ι → o be an "integer predicate"
variable, and use the rules:

$$\exists p \to \mathrm{cond}\,(p\,n)\ \mathrm{tt}\ \Omega \quad (\text{one rule for each numeral } n), \qquad \exists p \to \mathrm{cond}\,(p\,\Omega)\ \Omega\ \mathrm{ff}.$$

The resulting PCF-like language no longer has a confluent rewriting system, though it
remains single-valued, viz., every term rewrites to at most one numeral. In general, our
PCF-like rules need not even be single-valued.

A substantial technical contribution of this paper is a simple, modest restriction on
the format of rewrite rules which is sufficient to guarantee Milner's Context Lemma [27]
for languages defined by such rules. Informally, this "Approximation" Context Lemma
requires that if two phrases M, N of the same syntactic functional type yield visibly
distinct computational outcomes when used in some language context, then there are
actual parameters of appropriate argument type, such that M and N each simply applied
to these arguments, yield visibly distinct computational outcomes. This property, more
perspicuously dubbed operational extensionality by Bloom [9, 10], has been identified by
many authors as technically significant in program semantics [37, 29, 24, 1, 18, 2, 35].
The key to the proof of the Context Lemma is a new Standard Reduction Theorem 25
for PCF-like rewrite systems.

Our work borrows much from Bloom [9, 10]. The second author raised the question
of whether there is a "reasonable" extension of PCF that would yield a fully abstract
evaluator for lattice models [33, 34]. In answering this question, Bloom emphasized how
the Context Lemma and full abstraction were incompatible with single-valued evaluators
for the lattice model. He also characterized a general class of consistent rewrite rules
that ensured the soundness of the Context Lemma. However, in order to encompass
the computational behavior of the ∃ combinator, Bloom needed to develop an auxiliary
notion of "observation calculi".

Our PCF-like rules are, in an appropriate sense, as powerful as Bloom's observational
calculi, and strictly subsume the class of consistent rules. In particular, consistent rules
are necessarily confluent and hence single-valued; as Bloom remarks [9], introducing a
join combinator with simple multiple-valued rewrite rules yields a PCF extension both
fully abstract for the lattice model and also satisfying the Context Lemma. Our wish
to simplify Bloom's criteria while dealing with nonconfluent rewriting systems forced us,
however, to a rather elaborate theory of standard reductions.

As an aside, we also point out that it is questionable whether the (bi)stable and similar 
domains are closer to full abstraction for PCF. In particular, although some operationally 
valid equations that fail in the cpo model do hold, for example, in the stable model, we 
note in Corollary 15 that the converse also happens: some equations that hold in the cpo 
model fail in the stable model. The cpo, stable and likewise the bistable models thus 
offer information about the operational behavior of PCF terms that is not apparently 
comparable, and it is hard to see how to judge which is a more accurate model. 

The outline of our argument is as follows: in Section 2 we formulate the key concepts 
of observational approximation, adequacy, and full abstraction in a fairly general setting. 
Then in Section 3, Theorem 14, we give a short proof that any denotational semantics 
that is adequate for PCF, and in which a certain simple Boolean functional exists, cannot 
be fully abstract for extensions of PCF satisfying the Context Lemma. The Boolean 
functional is obviously not continuous in Scott's sense, but it is stably continuous, and 
so does appear in the stable model. We also formulate a Comparability Context Lemma 
which applies to the bistable domains. Section 4 gives our general notion of term rewriting 
systems of the kind used for symbolic evaluation of PCF terms. Then in Section 5, we 
show that any such system defines an observational approximation relation that must 
satisfy the Context Lemma [27]. An immediate corollary is Theorem 30 that there is 
no extension of PCF defined by PCF-like rewriting rules for which the stable domain 
semantics is fully abstract. A similar result for the bistable domains is announced but 
not proved. 

2 Adequacy and Full Abstraction 

Concepts concerning program behavior, such as observational congruence, adequacy, and
full abstraction, can usefully be defined in a general setting consisting of:

• an arbitrary set ℒ, called a language, whose elements, M, N, ..., are called terms;

• partial operators C[·] on terms called contexts; and

• an arbitrary set 𝒪, called a notion of observation, whose elements are predicates
on terms called observations. When an observation is true of a term, the term is
said to yield the observation.

We will work with languages whose operational behavior is specified by (possibly
nondeterministic) symbolic evaluation of terms, so we further assume a binary relation,
"evaluates to", on terms. For such languages, 𝒪_eval captures the familiar notion of ob-
serving the final output of an evaluation:

$$\mathcal{O}_{eval} = \{\ \text{``evaluates to } O\text{''} \mid O \text{ is an output term}\ \}.$$



Here the output terms are those terms regarded as observable "output values". These
typically include the ground constants (integers, truth values, ...); λ-abstractions and
finite lists of output values might also be included.

There are other notions of observation based on evaluation. For instance, 𝒪_lazy con-
sists of the single predicate true of exactly those terms whose evaluation can terminate.
And notions of observation can be based on semantics of terms, e.g.,

$$\mathcal{O}_{int} = \{\ \text{``has the meaning of } O\text{''} \mid O \text{ is an output term}\ \}.$$

In this paper, however, we will be mainly concerned with 𝒪_eval.

Any notion of observation induces a preordering on terms called observational approx- 
imation. Intuitively, one term approximates another if, according to the chosen notion of 
observation, the approximated term exhibits at least as much observable behavior when 
used in any program as the approximating term. 

Definition 1 Let ℒ be a language with a notion of observation 𝒪. A term M obser-
vationally approximates a term N, written M ⊑_obs N, if for all contexts C[·], whenever
C[M] is a term yielding an observation from 𝒪, then C[N] is a term yielding it as well.
M and N are observationally congruent, written M ≡_obs N, iff M ⊑_obs N and N ⊑_obs M.

Observational approximation provides precise meaning for questions such as, "Does 
my code meet a specification?" or "Will my new implementation of a module change the 
behavior of the program?" 

In languages like PCF with applicative syntax and a suitable notion of closed terms, 
analysis of observational approximation can be simplified by appealing to a Context 
Lemma: 

Definition 2 Let ℒ be a language with a notion of observation 𝒪. We say a term M
applicatively approximates a term N, written M ⊑_app N, iff for all vectors of closed terms
P, whenever M P is a term yielding an observation, N P is a term yielding it as well. The
Approximation Context Lemma¹ holds if for all closed terms M and N,

$$M \sqsubseteq_{app} N \iff M \sqsubseteq_{obs} N.$$

A fundamental result of Milner [27] is that under 𝒪_eval with numerals taken as the
output terms, PCF itself, as well as its extension with parallel-or, satisfies the Approxi-
mation Context Lemma. We will see later that the Approximation Context Lemma holds
for all languages defined in a "PCF-like" operational discipline, including, of course, PCF
and its familiar extensions.

One method for proving observational approximations is by developing an abstract
meaning, [M], of a term M that is adequate to determine its observations.



¹ In particular, when 𝒪 is 𝒪_eval, Bloom [9] calls this "operational extensionality" while Milner [27] uses
simply "the Context Lemma". We use the more descriptive "Approximation Context Lemma" because
we will later consider Context Lemmas that are not based on approximation.



Definition 3 A meaning function for a language ℒ is a function [·] from terms M
to values [M] in some set, partially ordered by a relation ⊑. A meaning function is
compositional iff for all terms M, N and contexts C[·], if [M] ⊑ [N] and C[M] is a term,
then C[N] is a term and [C[M]] ⊑ [C[N]].

A meaning function is adequate² for a notion of observation 𝒪 iff for all terms M, N and
all observations obs ∈ 𝒪,

$$[M] \sqsubseteq [N] \text{ and } obs(M) \text{ implies } obs(N).$$

Adequacy and compositionality guarantee that the meanings accurately predict ob- 
servational approximation. 

Lemma 4 A compositional meaning function [·] is adequate for a notion of observation
iff for all terms M and N,

$$[M] \sqsubseteq [N] \text{ implies } M \sqsubseteq_{obs} N.$$

The ordering on adequate meanings may be strictly finer than observational approx- 
imation. In the ideal situation, known as full abstraction, the two orderings coincide: 

Definition 5 Let [·] be a meaning function for a language ℒ with a notion of observa-
tion 𝒪. We say [·] is approximation fully abstract³ if for all terms M and N,

$$[M] \sqsubseteq [N] \iff M \sqsubseteq_{obs} N.$$

It is equationally fully abstract if for all M and N,

$$[M] = [N] \iff M \equiv_{obs} N.$$

Approximation full abstraction trivially implies adequacy for compositional meaning
functions. Assuming that each output term evaluates to itself, it follows immediately
that if [·] is adequate for 𝒪_eval and [O] ⊑ [M], then M evaluates to O, for any output
term O. If, in addition, the meaning function is sound for the evaluator, we easily obtain
a familiar (cf. [26]) alternate characterization of adequacy:

Definition 6 A meaning function [·] is sound for an "evaluates to" relation if for all
terms M and N,

$$M \text{ evaluates to } N \text{ implies } [M] = [N].$$



² As with the Context Lemma, we might more descriptively call this "approximation adequate"; but
we will use only the version of adequacy based on approximation, and call it simply adequacy for brevity.
³ Stoughton [36] calls this "inequationally fully abstract".



Lemma 7 A sound, compositional meaning function [·] is adequate for 𝒪_eval iff

$$[O] = [M] \iff M \text{ evaluates to } O,$$

for all terms M and output terms O.

This paper focuses specifically on the language PCF and its extensions. The precise 
(usual) definitions of PCF syntax and semantics appear in Appendix A, and we provide 
only a quick review here. 

PCF is a simply typed λ-calculus with Boolean and natural number ground types,
numerals n for n ≥ 0, Boolean constants tt and ff, and simple arithmetic, recursion,
and conditional operators. The evaluation relation ↠ of the language is given by term
rewriting rules.

Definition 8 An extension of PCF is a simply typed language together with a set of
rewrite rules. The types, typed constants, and rewrite rules of the extension must include
those of PCF. The extension is conservative iff for all PCF terms M, and all terms N in
the extension,

$$M \twoheadrightarrow_{extended} N \iff M \twoheadrightarrow_{PCF} N.$$

Observational congruence, adequacy, etc., for PCF and its extensions will be defined
with respect to 𝒪_eval, where we take the rewriting relation ↠ as the "evaluates to"
relation, and the output terms are the ground constants tt, ff, and n for n ≥ 0.

The results of the next section, which examines full abstraction for models of exten- 
sions of PCF, require that we prove facts about the meanings of terms while knowing very 
little about the extensions or the models. We will only have adequacy, conservativity, 
and a few other assumptions to work with. The following lemma shows that this gives 
us enough to reason about the unextended terms of the language. 

Lemma 9 If a model is adequate for a conservative extension of PCF, then it is also 
adequate for PCF. 

Proof: Suppose a model [·] is adequate for a conservative extension of PCF, and [M] ⊑
[N] for some PCF terms M, N. All models are compositional, so [C[M]] ⊑ [C[N]]
for any PCF context C[·]. So for any ground PCF constant c, if C[M] ↠_extended c,
then C[N] ↠_extended c by adequacy. And then by conservativity, if C[M] ↠_PCF c, then
C[N] ↠_PCF c. Hence, M ⊑_obs^PCF N. ■

We will further require that our models be sound, and that the ground types o and ι
be interpreted as the flat cpos {tt, ff}_⊥ and {0, 1, ...}_⊥, with the standard interpretation
of tt, ff, and the numerals n. Such models will be called models with Booleans (though
they are indeed also models with integers). Two models with Booleans of particular
interest are the cpo model 𝒞[·] and the stable model 𝒮[·]. Both models are adequate but
not fully abstract for PCF.

The additional information about the ground types of models with Booleans is in fact 
enough to determine the meanings of ground PCF terms. 

Lemma 10 The meaning of any closed PCF term of ground type is the same in all 
models with Booleans that are adequate for PCF. 

Proof: Let M be a closed PCF term of type o (the case M : ι is similar). In PCF,
exactly one of the following holds: (1) M ↠_PCF tt; (2) M ↠_PCF ff; or (3) neither (1)
nor (2) holds. And by Lemma 7, M ↠_PCF tt iff [M] = [tt] = tt for any model with
Booleans [·] adequate for PCF. Similarly, cases (2) and (3) imply [M] = ff and [M] = ⊥
respectively. ■

Thus we can use any particular adequate model with Booleans, like the familiar cpo 
model, to discover the meaning of ground PCF terms for arbitrary adequate models with 
Booleans. We have less to say about terms of higher type. But the following notions are 
useful: 

Definition 11 Let τ be a first-order type, that is, a type of the form σ_1 → ··· → σ_n,
where σ_j is a ground type for 1 ≤ j ≤ n. Let [·]_i for i = 1, 2 be type frames such that
⊑_1 on [σ_j]_1 equals ⊑_2 on [σ_j]_2, and let f_i ∈ [τ]_i. Then f_1 pointwise approximates f_2,
written f_1 ⊑_pnt f_2, iff for all d_j ∈ [σ_j],

$$f_1(d_1)\cdots(d_n) \sqsubseteq_1 f_2(d_1)\cdots(d_n).$$

It follows immediately from Lemma 10 that the functions that are the meanings of a 
PCF term of first-order type agree pointwise in all models with Booleans that are adequate 
for PCF. So we can use the meaning of a first-order PCF term in some particular model 
to reason about its meaning in any adequate model with Booleans. 

However, pointwise equality is not quite the same as equality of functions. For ex-
ample, consider the conditional constant cond : o → o → o → o. Now 𝒮[cond] =_pnt
𝒞[cond]. But the stable domain does not contain parallel-or, so the stable and cpo
meanings of o → o → o are different. Thus, 𝒮[cond] ≠ 𝒞[cond] since the two functions
have different codomains.

Nevertheless, it follows immediately from the definitions that pointwise approximation 
has the following useful property: 

Lemma 12 Let [·] be a model with Booleans that is adequate for PCF, and let M and N
be closed PCF terms of first-order type. Then

$$[M] \sqsubseteq_{pnt} [N] \text{ implies } M \sqsubseteq_{app} N.$$



3 Failures of Full Abstraction 

Our first theorem hinges on the presence of certain simple functionals over the Booleans. 

Definition 13 Let True be the constant tt function on the flat Booleans, and True! be
the strict constant tt function. A true-separator is a function f satisfying

$$f(\mathit{True}) = \mathrm{tt}, \qquad f(\mathit{True!}) = \mathrm{ff}.$$

Theorem 14 Let [·] be a model with Booleans that is adequate for some conservative
extension of PCF satisfying the Approximation Context Lemma. If [·] contains a true-
separator, it is not equationally fully abstract.

Proof: Define the terms

$$\mathit{True} \stackrel{def}{=} \lambda x.\,\mathrm{tt}, \qquad \mathit{True!} \stackrel{def}{=} \lambda x.\,\mathrm{cond}\ x\ \mathrm{tt}\ \mathrm{tt}.$$

By the definition of model with Booleans, we have [True] = True. And by Lemma 10,
[cond] =_pnt 𝒞[cond], so by definition of model with Booleans, we have [True!] = True!.
Then True! ⊑_app True by Lemmas 9 and 12. So by the Approximation Context Lemma,
True! ⊑_obs True.

We conclude that there is no term P defining a true-separator; otherwise True!
and True yield distinct observations in the context (P [·]), contradicting the fact that
True! ⊑_obs True.

However, we can define a true-separator detector, D, as follows:

$$D \stackrel{def}{=} \lambda x.\,\mathrm{cond}\ (x\ \mathit{True})\ (\mathrm{cond}\ (x\ \mathit{True!})\ \Omega^o\ \mathrm{tt})\ \Omega^o,$$

where Ω^o is the divergent term (Y (λz^o.z)). By Lemma 10, [Ω^o] = 𝒞[Ω^o] = ⊥, and so

$$[D](f) = \begin{cases} \mathrm{tt} & \text{if } f \text{ is a true-separator,} \\ \bot & \text{otherwise.} \end{cases}$$

Now [λx.Ω^o] is the constant ⊥ function, so [D] ≠ [λx.Ω^o], since they differ exactly on
arguments that are true-separators. But since true-separators are not definable by terms,
D and λx.Ω^o are applicatively congruent. Then by the Approximation Context Lemma,
they are observationally congruent, contradicting equational full abstraction. ■



Corollary 15 If a stable function model with Booleans is adequate for a conservative
extension of PCF that satisfies the Approximation Context Lemma, then the model is not
equationally fully abstract.

Proof: Every stable function model with Booleans contains a true-separator truesep,
defined as follows:

$$\mathit{truesep}(g) = \begin{cases} \mathrm{tt} & \text{if } g = \mathit{True}, \\ \mathrm{ff} & \text{if } g = \mathit{True!}, \\ \bot & \text{otherwise.} \end{cases}$$



Corollary 16 The PCF equations valid in the stable model do not include those valid in
the cpo model.

Proof: Just note that 𝒞[D] = 𝒞[λx.Ω^o], but 𝒮[D] ≠ 𝒮[λx.Ω^o]. ■

Our proof of Corollary 15 of course takes advantage of the notable fact that the stable
ordering of functions differs from the pointwise ordering, e.g., the pair of functions True
and True! are ordered pointwise but are stable-incomparable. In fact, the first few lines of
the proof of Theorem 14 already show that inequational full abstraction is incompatible
with the Approximation Context Lemma for any model in which True and True! are
incomparable; the rest of the proof justifies the stronger conclusion that equational full
abstraction fails as well.

We remark that the authors of [13] have informed us that their strongly stable models
are adequate models with Booleans for PCF, and that truesep is strongly stable, so
Theorem 15 and Corollary 16 hold for strongly stable models.

Berry realized that altering the pointwise ordering of functions caused difficulties, and 
he proposed from the start an additional bistable model which combines stability with the 
pointwise ordering. Since the counterexample of Corollary 15 relies on the non-pointwise 
stable ordering, it does not apply to the bistable model. 

There is, however, an interesting counterexample to the full abstraction of the bistable 
model that provides a starting point for extending our results. The counterexample, 
noted in [15], has its roots in the fundamental motivation behind stable models, viz., to 
eliminate elements like parallel-or. Consider the following definition: 

Definition 17 Let lor be the or-function that is strict in its left argument, and ror be the
or-function that is strict in its right argument. An or-separator is a function f satisfying

$$f(\mathit{lor}) = \mathrm{tt}, \qquad f(\mathit{ror}) = \mathrm{ff}.$$

The cpo model contains a parallel-or function which bounds the left- and right-strict 
or-functions, and thus, by monotonicity, cannot contain an or-separator. Since the cpo 
model is adequate for PCF, an or-separator is not definable in PCF. On the other hand, 
the stable and bistable models do not contain parallel-or, and in fact, both contain or- 
separators. 
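As an added example (not from the paper), the following Python checks the claims around Definitions 13 and 17 and the remark after Corollary 15 by brute force over the flat Booleans: True! lies below True pointwise but not in Berry's stable ordering, truesep is monotone for the stable ordering but not for the pointwise one, parallel-or bounds lor and ror pointwise and is monotone but not stable, and orsep is likewise monotone only for the stable ordering. The encoding (tt/ff as strings, ⊥ as None, a function as a dictionary over its inputs) and the stability conditions used are my assumptions, stated in the comments.

```python
"""Flat Booleans, the pointwise and stable orderings, and the separators of
Definitions 13 and 17, checked by brute force over small finite domains.
Constructed example: tt/ff are the strings 'tt'/'ff', bottom is None."""
from functools import lru_cache
from itertools import product

BOT = None
FLAT = (BOT, 'tt', 'ff')                      # the flat cpo {tt, ff}_bot

def leq(a, b):                                # ordering on the flat domain
    return a is BOT or a == b

def meet(a, b):                               # greatest lower bound in the flat domain
    return a if a == b else BOT

# Function inputs are tuples (one component per argument); order, meet and
# compatibility (= having a common upper bound) are taken componentwise.
def pleq(x, y):
    return all(leq(a, b) for a, b in zip(x, y))

def pmeet(x, y):
    return tuple(meet(a, b) for a, b in zip(x, y))

def compatible(x, y):
    return all(a is BOT or b is BOT or a == b for a, b in zip(x, y))

DOM1 = tuple((x,) for x in FLAT)              # inputs of o -> o
DOM2 = tuple(product(FLAT, repeat=2))         # inputs of o -> o -> o (uncurried)

@lru_cache(maxsize=None)
def ordered_pairs(dom):
    return tuple((x, y) for x in dom for y in dom if pleq(x, y))

@lru_cache(maxsize=None)
def compatible_pairs(dom):
    return tuple((x, y) for x in dom for y in dom if compatible(x, y))

def monotone(f, dom):
    return all(leq(f[x], f[y]) for x, y in ordered_pairs(dom))

def stable(f, dom):
    """Berry's stability (assumed form): monotone and preserving meets of compatible inputs."""
    return monotone(f, dom) and all(
        f[pmeet(x, y)] == meet(f[x], f[y]) for x, y in compatible_pairs(dom))

def pointwise_leq(f, g, dom):
    return all(leq(f[x], g[x]) for x in dom)

def stable_leq(f, g, dom):
    """Berry's stable ordering (assumed form): f below g pointwise and
    f(x) = f(y) meet g(x) whenever x <= y."""
    return pointwise_leq(f, g, dom) and all(
        f[x] == meet(f[y], g[x]) for x, y in ordered_pairs(dom))

def all_functions(dom):
    return [dict(zip(dom, outs)) for outs in product(FLAT, repeat=len(dom))]

def cond(b, t, e):                            # meaning of PCF's cond at type o
    return BOT if b is BOT else (t if b == 'tt' else e)

TRUE = {x: 'tt' for x in DOM1}                               # True  = \x. tt
TRUE_STRICT = {x: cond(x[0], 'tt', 'tt') for x in DOM1}      # True! = \x. cond x tt tt
LOR = {(x, y): cond(x, 'tt', cond(y, 'tt', 'ff')) for x, y in DOM2}
ROR = {(x, y): cond(y, 'tt', cond(x, 'tt', 'ff')) for x, y in DOM2}
POR = {(x, y): 'tt' if 'tt' in (x, y) else ('ff' if x == y == 'ff' else BOT)
       for x, y in DOM2}                                     # parallel-or

def truesep(f):                               # the true-separator of Definition 13
    return 'tt' if f == TRUE else ('ff' if f == TRUE_STRICT else BOT)

def orsep(f):                                 # the or-separator of Definition 17
    return 'tt' if f == LOR else ('ff' if f == ROR else BOT)

def functional_is_monotone(F, funcs, order):
    """Is the functional F monotone on funcs w.r.t. order?  Only an f with
    F(f) != bottom can witness a failure, so those are compared against every g."""
    return all(leq(F(f), F(g)) for f in funcs if F(f) is not BOT
               for g in funcs if order(f, g))

def separator_report():
    """Which orderings on the function spaces admit the two separators."""
    mono1 = [f for f in all_functions(DOM1) if monotone(f, DOM1)]   # cpo model at o -> o
    stab1 = [f for f in mono1 if stable(f, DOM1)]                   # stable model at o -> o
    mono2 = [f for f in all_functions(DOM2) if monotone(f, DOM2)]
    stab2 = [f for f in mono2 if stable(f, DOM2)]
    pw1 = lambda f, g: pointwise_leq(f, g, DOM1)
    st1 = lambda f, g: stable_leq(f, g, DOM1)
    pw2 = lambda f, g: pointwise_leq(f, g, DOM2)
    st2 = lambda f, g: stable_leq(f, g, DOM2)
    return {
        'True!_below_True_pointwise': pointwise_leq(TRUE_STRICT, TRUE, DOM1),
        'True!_below_True_stably': stable_leq(TRUE_STRICT, TRUE, DOM1),
        'truesep_monotone_pointwise': functional_is_monotone(truesep, mono1, pw1),
        'truesep_monotone_stably': functional_is_monotone(truesep, stab1, st1),
        'por_is_stable': stable(POR, DOM2),
        'por_bounds_lor_and_ror': pointwise_leq(LOR, POR, DOM2) and pointwise_leq(ROR, POR, DOM2),
        'orsep_monotone_pointwise': functional_is_monotone(orsep, mono2, pw2),
        'orsep_monotone_stably': functional_is_monotone(orsep, stab2, st2),
    }

if __name__ == '__main__':
    for key, value in separator_report().items():
        print(f'{key}: {value}')
```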
Thus in extending the results to the bistable model, one might try to use an or-
separator in the role played by the true-separator in the stable case. Since neither lor
nor ror applicatively approximates the other, an argument based on the Approximation
Context Lemma will not work; but a similar argument based on a notion of observational
comparability does apply:

Definition 18 Let ℒ be a language with a notion of observation 𝒪. Terms M and N are
directly comparable provided the set of observations yielded by M is setwise comparable
to that yielded by N. The terms are observationally comparable, written M ~_obs N,
if for all contexts C[·], the terms C[M] and C[N] are directly comparable. They are
applicatively comparable, written M ~_app N, if for all vectors P of closed terms, M P
and N P are directly comparable. ℒ with 𝒪 is said to satisfy the Comparability Context
Lemma if for all closed terms M and N,

$$M \sim_{app} N \iff M \sim_{obs} N.$$

Theorem 19 Let [•] be a model with Booleans that is adequate for some conservative 
extension of PCF satisfying the Comparability and Approximation Context Lemmas. If 
[•] contains an or-separator, it is not equationally fully abstract. 

Proof: Consider the terms

$$\mathit{lor} \stackrel{def}{=} \lambda xy.\,\mathrm{cond}\ x\ \mathrm{tt}\ (\mathrm{cond}\ y\ \mathrm{tt}\ \mathrm{ff}), \qquad \mathit{ror} \stackrel{def}{=} \lambda xy.\,\mathrm{cond}\ y\ \mathrm{tt}\ (\mathrm{cond}\ x\ \mathrm{tt}\ \mathrm{ff}).$$

By Lemmas 9, 10 and 12, we have [lor] = lor, [ror] = ror, and lor ~_app ror. So by
the Comparability Context Lemma, lor ~_obs ror.

We conclude that there is no term P defining an or-separator; otherwise lor and ror
yield distinct observations in the context (P [·]), contradicting the fact that lor ~_obs ror.

However, we can define an or-separator detector as follows:

$$D \stackrel{def}{=} \lambda x.\,\mathrm{cond}\ (x\ \mathit{lor})\ (\mathrm{cond}\ (x\ \mathit{ror})\ \Omega^o\ \mathrm{tt})\ \Omega^o.$$

By Lemma 10,

$$[D](f) = \begin{cases} \mathrm{tt} & \text{if } f \text{ is an or-separator,} \\ \bot & \text{otherwise.} \end{cases}$$

Now [D] ≠ [λx.Ω^o], since they differ exactly on arguments that are or-separators.
But since or-separators are not definable by terms, D and λx.Ω^o are applicatively con-
gruent. Then by the Approximation Context Lemma, they are observationally congruent,
contradicting equational full abstraction. ■
Corollary 20 If a bistable model with Booleans is adequate for a conservative extension
of PCF that satisfies the Comparability and Approximation Context Lemmas, then the
model is not equationally fully abstract.

Proof: Every bistable model with Booleans contains an or-separator orsep, defined as
follows:

$$\mathit{orsep}(g) = \begin{cases} \mathrm{tt} & \text{if } g = \mathit{lor}, \\ \mathrm{ff} & \text{if } g = \mathit{ror}, \\ \bot & \text{otherwise.} \end{cases}$$

Corollary 21 ([21]) The PCF equations valid in the bistable model do not include those
valid in the cpo model.

Proof: Just note that 𝒞[D] = 𝒞[λx.Ω^o], but ℬ[D] ≠ ℬ[λx.Ω^o], where ℬ[·] is the
bistable model of [5]. ■

The PCF-like languages, defined in the next section, do not satisfy the Comparability
Context Lemma. In fact, an or-separator constant can be defined through the following
PCF-like rules:

$$\mathit{orsep}(f) \to \mathrm{cond}\ (f\ \mathrm{tt}\ \Omega^o)\ (\mathrm{cond}\ (f\ \mathrm{ff}\ \mathrm{tt})\ (\mathrm{cond}\ (f\ \mathrm{ff}\ \mathrm{ff})\ \mathrm{tt}\ \Omega^o)\ \Omega^o)\ \Omega^o,$$
$$\mathit{orsep}(f) \to \mathrm{cond}\ (f\ \Omega^o\ \mathrm{tt})\ (\mathrm{cond}\ (f\ \mathrm{tt}\ \mathrm{ff})\ (\mathrm{cond}\ (f\ \mathrm{ff}\ \mathrm{ff})\ \mathrm{ff}\ \Omega^o)\ \Omega^o)\ \Omega^o.$$

Thus we will have to restrict the class of rules we consider if we wish to apply Theorem 19. 
The consistent rules of Bloom [10] are an important, natural candidate for the restricted 
class. We do not know whether the Comparability Context Lemma holds for them. 
However, we can prove that an or-separator is not definable in consistent systems by a 
method involving a notion of comparability based on logical relations, as we indicate at 
the end of the next section. 



4 PCF-like rewrite systems 

Symbolic evaluators for PCF terms are often presented as term rewriting systems. In this 
section, we give the basic definitions for such systems, and give our criteria for calling 
such a system "PCF-like". Our evaluator for PCF is given in Appendix A. 

A rewrite rule is a pair l → r of terms of the same type, such that the free variables
of the right-hand side r are included in those of the left-hand side l. We write M →_π N
if for some subterm A of M, A → A' is an instance of the rule π, and N is obtained
from M by replacing A with A'. We will omit A or π as convenient.



Since all of our languages are simply typed λ-calculi, we will always include β-
reduction in the rewrite rules of the language. Additionally, we may specify some set
of δ-rules defining the behavior of the constants. Together, δ and β define the rewriting
relation →_δβ on the language ℒ. We omit δ and β when they can be recovered from
context.

The δ-rules of PCF have a particularly simple form:

Definition 22 A linear ground δ-rule is a rewrite rule of the form

$$\delta\, m_1 m_2 \cdots m_n \to P,$$

where each m_i is either a ground constant c_i or a variable x_i. The variables x_i must
be distinct. A PCF-like rewrite system is a language ℒ together with a set of linear
ground δ-rules on the constants of ℒ.

Note that this definition of "PCF-like" is meant to be generous. In particular, al-
though the system for pure, unextended PCF is both single-valued — every term reduces
to at most one constant — and confluent, PCF-like systems in general may be multiple-
valued and nonconfluent.

An interesting example of a multiple-valued PCF-like system arises in [9]. There,
Bloom defines an extension of PCF that is both fully abstract and denotationally uni-
versal for the lattice model of PCF. The key to the construction amounts to the addition
of operators T : o and join : o → o → o with rules

$$\mathit{join}\ x\ y \to x, \qquad \mathit{join}\ x\ y \to y, \qquad \mathit{join}\ n_1\ n_2 \to T,\ n_1 \neq n_2, \qquad T \to n,\ n \geq 0.$$

Nonconfluent but single-valued systems are also of interest. For example, [30] extends
parallel PCF by an existential operator, ∃ : (ι → o) → o, to achieve a language that is
fully abstract and denotationally universal for the cpo model. There, ∃ is defined by the
deductive rules

$$\frac{p\,n \twoheadrightarrow \mathrm{tt}}{\exists p \to \mathrm{tt}} \qquad\qquad \frac{p\,\Omega \twoheadrightarrow \mathrm{ff}}{\exists p \to \mathrm{ff}}$$

where ↠ is the reflexive transitive closure of →. The resulting language is indeed con-
fluent, but goes beyond mere term rewriting. Because he wanted to be able to specify
constants like ∃, Bloom [10] introduced observation calculi as a definition of "PCF-like"
deductive rules.

But note that if we give up confluence, it is possible to define an ∃ constant while re-
maining in a term rewriting discipline. One such definition was given in the introduction;
we provide here a second implementation, which uses the parallel-or combinator por.

$$\exists p \to \mathit{por}\ (p\ 0)\ (\exists(\lambda x.\, p\,(\mathit{succ}\ x))), \qquad \exists p \to \mathrm{cond}\ (p\ \Omega)\ \Omega\ \mathrm{ff}.$$

This kind of rewriting is more straightforward, but actually as powerful as the deductive
discipline.

Since PCF-like systems are not confluent in general, we will not be able to use con-
fluence in our proof of the Context Lemma. Instead we will rely on a standardization
theorem, which states that if a term M rewrites to a term N, then there is a "standard"
reduction from M to N. Thus we only need consider these standard reductions in our
proof.

Typically, the standard reductions are a class of reductions with a particularly nice
structure. For instance, in the pure, typed λ-calculus, a standard reduction is one in
which redexes are contracted from left to right.

The definition of standard reductions in PCF-like rewrite systems is more compli- 
cated because they admit the upwards creation of redexes, cf. [19]. However, there is 
a simple inductive characterization of those standard reductions that end at a ground 
constant. This will be sufficient to follow the proof of the Context Lemma given in the 
next section, so we defer the general definition of standard reductions, and the proof of 
the Standardization Theorem, to Appendix C. 

Before defining the standard reductions to ground constants, we introduce some useful
notation. Consider the set of indices

$$\{\, i \mid m_i \text{ is a constant } c_i \text{ in rule } \theta : \delta\,\vec m \to P \,\}.$$

These indices identify what we call the critical arguments of $\theta$, since the rule $\theta$ applies
to a term $\delta\,\vec Q$ iff $Q_i = c_i$ for $i$ in the set. For expository purposes it will be convenient to
separate the critical and non-critical arguments of a constant $\delta$ (relative to some linear
ground $\delta$-rule $\theta$).

Notation 23 Let $\theta : \delta\,\vec m \to P$ be a linear ground $\delta$-rule with $j$ critical arguments and $k$
non-critical arguments. Then for vectors $\vec A = A_1 \cdots A_j$ and $\vec B = B_1 \cdots B_k$, we let

$$\delta_\theta(\vec A, \vec B) = \delta\,\vec Q,$$

where $\vec Q$ is the interleaving of $\vec A$ and $\vec B$ such that the $A_i$'s appear at the critical indices
of $\vec Q$. We drop the subscript $\theta$ when it can be recovered from context.

Note that we do not require that $\delta\,\vec Q$ be an instance of $\delta\,\vec m$; we will want to use the $\delta(\cdot,\cdot)$
notation on terms that we anticipate becoming $\theta$-redexes over the course of a reduction.
In this notation, we write linear ground $\delta$-rules as

$$\theta : \delta(\vec c, \vec x) \to P$$

or even

$$\theta : \delta(\vec c, \vec x) \to P(\vec x)$$

when we wish to make the dependence of $P$ on $\vec x$ explicit.

Definition 24 The standard reductions to ground constants in a PCF-like rewrite system
are defined inductively as follows. We will write $M \twoheadrightarrow_s c$ for a standard reduction of a
term $M$ to a ground constant $c$.

• If $c$ is a ground constant, then the 0-step reduction $c \twoheadrightarrow c$ is standard.

• If $M_1, M_2, \ldots, M_n$ are terms, and $c$ is a ground constant, then a reduction

$$(\lambda x M_1) M_2 M_3 \cdots M_n \to_\beta M_1[x := M_2] M_3 \cdots M_n \twoheadrightarrow_s c$$

is standard.

• If $C_1, C_2, \ldots, C_n, \vec D, \vec E$ are terms, and $c, c_1, c_2, \ldots, c_n$ are ground constants, then a
reduction of the following form is standard:

$$\begin{array}{rcl}
\sigma_1 : & \delta_\theta(C_1 C_2 \cdots C_n, \vec D)\,\vec E & \twoheadrightarrow\ \delta_\theta(c_1 C_2 \cdots C_n, \vec D)\,\vec E \\
\sigma_2 : & & \twoheadrightarrow\ \delta_\theta(c_1 c_2 \cdots C_n, \vec D)\,\vec E \\
 & & \cdots \\
\sigma_n : & & \twoheadrightarrow\ \delta_\theta(c_1 c_2 \cdots c_n, \vec D)\,\vec E \\
 & & \to_\theta\ P_\theta(\vec D)\,\vec E \\
 & & \twoheadrightarrow_s\ c,
\end{array}$$

where for $1 \le i \le n$, the subreduction $\sigma_i$ consists of a standard reduction from the
subterm $C_i$ to the ground constant $c_i$.

Theorem 25 (Standardization) For any PCF-like rewrite system, if $M \twoheadrightarrow N$, then
there is a standard reduction $M \twoheadrightarrow_s N$.

Note that if we require our rules to be non-overlapping, then they are a special case
of orthogonal rewrite systems, for which both confluence and standardization have been
known for some time [19]. Similarly, confluence and standardization have been known for
the systems of Bloom [10], which restrict our systems by allowing only so-called consistent
overlaps at the root. However, it is not clear whether $\exists$ can be defined in such systems,
and we certainly lose the ability to define interesting non-confluent systems, such as PCF
extended with join.
5 The Context Lemma

Once standardization is known, the Context Lemma can be proved by a straightforward 
adaptation of Bloom's proof for his observation calculi [10]. First we recall the following 
basic facts about substitutions. 

Lemma 26 (Substitution Lemma) If $x \neq y$ and $y \notin FV(L)$, then

$$M[x := L][y := N[x := L]] = M[y := N][x := L].$$

Lemma 27 If $x \notin FV(P)$, then

$$P[y := N[x := M]] = (P[y := N])[x := M].$$

The Context Lemma will follow immediately from this next result.

Lemma 28 Suppose $C$ is a ground term, $c$ is a ground constant, $M$ and $N$ are closed
terms of the same type, and $M \sqsubseteq_{app} N$. If $C[x := M] \twoheadrightarrow c$, then $C[x := N] \twoheadrightarrow c$.

Proof: By Standardization, $C[x := M] \twoheadrightarrow_s c$. We show $C[x := N] \twoheadrightarrow c$ by induction on
the length of the reduction $C[x := M] \twoheadrightarrow_s c$.

1. The only reduction $C[x := M] \twoheadrightarrow_s c$ of length zero is $c \twoheadrightarrow c$. Then one of the
following holds:

(a) $C = c$. Then clearly $C[x := N] = c \twoheadrightarrow c$.

(b) $C = x$ and $M = c$. Here $C[x := N] \twoheadrightarrow c$ because $M \sqsubseteq_{app} N$.

For the induction, we consider subcases on the form of $C$.

2. $C = (\lambda y C_1) C_2 \cdots C_n$. Assume $x \neq y$ (the case $x = y$ is similar). Since $M$ is closed,
we have

$$C[x := M] = (\lambda y (C_1[x := M]))\, C_2[x := M] \cdots C_n[x := M].$$

Then the reduction $C[x := M] \twoheadrightarrow_s c$ is of the form

$$\begin{array}{rl}
C[x := M] & = (\lambda y (C_1[x := M]))\, C_2[x := M] \cdots C_n[x := M] \\
 & \to_\beta (C_1[x := M])[y := C_2[x := M]]\, C_3[x := M] \cdots C_n[x := M] \\
 & \twoheadrightarrow_s c.
\end{array}$$

By the Substitution Lemma,

$$(C_1[x := M])[y := C_2[x := M]] = (C_1[y := C_2])[x := M],$$

so our reduction can be rewritten

$$\begin{array}{rl}
C[x := M] & = ((\lambda y C_1) C_2 \cdots C_n)[x := M] \\
 & \to_\beta ((C_1[y := C_2]) C_3 \cdots C_n)[x := M] \\
 & \twoheadrightarrow_s c.
\end{array}$$

Now by $\beta$-reduction, the fact that $N$ is closed, and the Substitution Lemma,

$$\begin{array}{rl}
C[x := N] & = ((\lambda y C_1) C_2 \cdots C_n)[x := N] \\
 & \to_\beta ((C_1[y := C_2]) C_3 \cdots C_n)[x := N].
\end{array}$$

And by induction,

$$((C_1[y := C_2]) C_3 \cdots C_n)[x := N] \twoheadrightarrow c.$$

Thus we have a reduction $C[x := N] \twoheadrightarrow c$ as desired.

3. $C = \delta C_1 \cdots C_n$. Then the reduction $C[x := M] \twoheadrightarrow_s c$ must contract the head $\delta$ by
some rule $\theta : \delta_\theta(\vec d, \vec y) \to P(\vec y)$ (where each $d_i$ is a ground constant). Accordingly,
we rewrite $C$ as

$$C = \delta_\theta(\vec D, \vec E)\,\vec F.$$

Then the reduction $C[x := M] \twoheadrightarrow_s c$ is of the form

$$\begin{array}{rl}
C[x := M] & = \delta_\theta(\vec D[x := M], \vec E[x := M])\,\vec F[x := M] \\
 & \twoheadrightarrow \delta_\theta(\vec d, \vec E[x := M])\,\vec F[x := M] \\
 & \to_\theta P(\vec E[x := M])\,\vec F[x := M] \\
 & \twoheadrightarrow_s c,
\end{array}$$

where each $D_i[x := M] \twoheadrightarrow_s d_i$ in turn. By Lemma 27,

$$P(\vec E[x := M]) = P(\vec E)[x := M],$$

so the reduction can be rewritten

$$\begin{array}{rl}
C[x := M] & = (\delta_\theta(\vec D, \vec E)\,\vec F)[x := M] \\
 & \twoheadrightarrow (\delta_\theta(\vec d, \vec E)\,\vec F)[x := M] \\
 & \to_\theta (P(\vec E)\,\vec F)[x := M] \\
 & \twoheadrightarrow_s c.
\end{array}$$

Again by Lemma 27,

$$P(\vec E[x := N])\,\vec F[x := N] = (P(\vec E)\,\vec F)[x := N].$$

And by induction, $(P(\vec E)\,\vec F)[x := N] \twoheadrightarrow c$, and $D_i[x := N] \twoheadrightarrow d_i$. Thus we have
found a reduction

$$\begin{array}{rl}
C[x := N] & = (\delta_\theta(\vec D, \vec E)\,\vec F)[x := N] \\
 & \twoheadrightarrow (\delta_\theta(\vec d, \vec E)\,\vec F)[x := N] \\
 & \to_\theta (P(\vec E)\,\vec F)[x := N] \\
 & \twoheadrightarrow c.
\end{array}$$

4. $C = x C_1 \cdots C_n$. Then consider the term

$$C' = M C_1 \cdots C_n.$$

Note that $C[x := M] = C'[x := M]$, so $C'[x := M] \twoheadrightarrow_s c$. Moreover $C'$ must be of
a form considered in the two previous cases, and so by the previous argument we
conclude $C'[x := N] \twoheadrightarrow c$. Now consider the applicative context

$$C''[\cdot] = [\cdot]\, C_1[x := N] \cdots C_n[x := N].$$

Since $C''[M] = C'[x := N]$, we have $C''[M] \twoheadrightarrow c$. Finally, $M \sqsubseteq_{app} N$ implies
$C''[N] \twoheadrightarrow c$; and

$$C''[N] = N C_1[x := N] \cdots C_n[x := N] = C[x := N],$$

so $C[x := N] \twoheadrightarrow c$.

Note that we need not consider the case $C = y C_1 \cdots C_n$, where $y \neq x$, since then
$C[x := M]$ can never reduce to a ground constant. ■

Theorem 29 (Approximation Context Lemma) In any PCF-like rewrite system,

$$M \sqsubseteq_{obs} N \quad\text{iff}\quad M \sqsubseteq_{app} N$$

for all closed terms $M$ and $N$.

Proof:

($\Rightarrow$) Trivial.

($\Leftarrow$) It is sufficient to show the following: for all ground contexts $C[\cdot]$ and ground
constants $c$, if $C[M] \twoheadrightarrow c$, then $C[N] \twoheadrightarrow c$.

Remember that the action of placing a term into the "holes" of a context differs from
substitution only in that free variables of the term can be captured. But $M$ and $N$ are
closed, with no free variables to capture; so for any context $C[\cdot]$,

$$C[M] = (C[x])[x := M], \qquad C[N] = (C[x])[x := N],$$

where $x$ is a fresh variable. So by Lemma 28, if $C[M] \twoheadrightarrow c$, then $C[N] \twoheadrightarrow c$ as well. ■
We now have immediately from Corollary 15:

Theorem 30 Every stable function model with Booleans that is adequate for a conserva- 
tive extension of PCF defined by PCF-like rewrite rules is not equationally fully abstract. 

We remark that a simple sufficient condition to ensure that an extension of PCF
by PCF-like rules is conservative is that $\delta$-rules whose left-hand sides involve no new
(non-PCF) constants must be exactly the rules of PCF.

Because we are unable to prove a Comparability Context Lemma for consistent PCF- 
like rewrite rules, Corollary 20 cannot be applied. Nevertheless, our analysis of compa- 
rability can be extended to show: 

Theorem 31 Every bistable model with Booleans that is adequate for a conservative 
extension of PCF defined by consistent PCF-like rewrite rules is not equationally fully 
abstract. 

This will be proved in a forthcoming paper. 

6 Conclusions and Future Work 

We have extended the metatheory of term rewriting semantics for simply typed λ-calculi
and have shown that certain denotational models, in particular those based on stable and 
strongly stable domains, cannot be fully abstract for such operational semantics. Our 
proof exploits the lack of order-extensionality in these domains, but an extension of our 
results to certain order-extensional domains such as the bistable domains is possible and 
will be the subject of a forthcoming paper. 

The category of sequential algorithms [6] is technically not a model in our sense, 
but is like the stable model in that it is a Cartesian Closed Category with partially 
ordered function objects that are not pointwise ordered. We believe that with some 
minor modifications our results will apply to it as well. (This claim stands in apparent 
contradiction to the results of [6], which shows that the language CDS, based on concrete 
data structures [22], is fully abstract for the sequential algorithm model. However, it 
seems questionable to us to call a language such as CDS "PCF-like", since it does not
have λ-abstraction or even variables.)
We conjecture that our methods and results will extend to untyped versions of PCF-like
languages. Extensions to lazy and call-by-value languages also seem plausible, though
with more difficulties, since higher order terms now yield observations and the notion of
lazy model is more technical.

A particular open problem that we have not yet resolved is the case when the definition
of model with Booleans is relaxed to allow "extra" Boolean elements, e.g., if the Boolean
type is interpreted as $\{tt, ff, error\}_\bot$. Finally, although we are able to show the failures
of some order-extensional models, like the bistable models, the extensional embedding 
methods of [12] offer a more sophisticated way to restore order-extensionality which, for 
example, guarantees that the theory of the extensionally embedded models includes that 
of cpo's. We do not know whether these models can avoid the kind of failure of full 
abstraction that we have identified. 

How great a failing of, for example, the stable domains, is lack of full abstraction? 
The category of stable domains is mathematically rich and offers a plausible formulation 
of higher-order effective computability. We have shown that stable computability cannot
be captured precisely in the familiar rewriting style of operational semantics which works 
for the cpo or even the lattice models. But as we observed in the introduction, the failures 
of full abstraction we have shown might be avoidable by some other attractive, as yet 
undeveloped, operational semantics. Such an operational semantics would be interesting 
to see; and indeed, some recent work of Cartwright and Felleisen [14] suggests a fruitful 
development in this direction. 
A PCF

Because we will work with both PCF and its extensions, we give the general definitions
for simply typed λ-calculi. A language is parameterized by its ground types and typed
constants; for instance, PCF's ground types are the Booleans $o$ and the numerals $\iota$, and
its constants are listed in Figure 1.

The set of types of the language is the least set containing the ground types and
$(\sigma \to \tau)$ for types $\sigma$ and $\tau$. The set of first-order types is the least set containing the
ground types and $(\sigma \to \tau)$ for ground types $\sigma$ and first-order types $\tau$.

The typed terms of the language are defined inductively:

• A constant $\delta^\sigma$ is a term of type $\sigma$.

• A variable $x^\sigma$ is a term of type $\sigma$.

• If $M$ is a term of type $(\sigma \to \tau)$ and $N$ is a term of type $\sigma$, then $(MN)$ is a term of
type $\tau$.

• If $M$ is a term of type $\tau$, then $(\lambda x^\sigma M)$ is a term of type $(\sigma \to \tau)$.

We omit types and parentheses whenever possible, adopting the standard conventions
of association: application associates to the left, and types associate to the right. We will
use $M, N, P, \ldots$ to denote arbitrary terms; $x, y, z, \ldots$ to denote arbitrary variables; and
$\sigma, \tau, \gamma, \ldots$ to denote arbitrary types. $\delta$ will always denote a constant, and $c$ will always
be a ground constant. The binary relation symbol $=$ denotes syntactic equality.

Free and bound variables are defined as usual, and we consider terms that are identical 
modulo a change of bound variables to be syntactically identical. A term is closed if it 
has no free variables; otherwise it is open. A program is a closed term of ground type. 

A substitution is a type-respecting mapping of variables to terms. Substitutions
are extended to terms as usual (taking care to avoid capture of free variables), and are
written postfix, so that $M\rho$ is the application of the substitution $\rho$ to the term $M$. We
call $M\rho$ an instance of $M$. If $\vec x = x_1, \ldots, x_n$ and $\vec N = N_1, \ldots, N_n$, then $[\vec x := \vec N]$ is the
Figure 1: Constants of PCF

$$\begin{array}{rcl}
\mathrm{cond}\ tt\ x\ y & \to & x \\
\mathrm{cond}\ ff\ x\ y & \to & y \\
\mathrm{zero?}\ 0 & \to & tt \\
\mathrm{zero?}\ (n+1) & \to & ff \\
\mathrm{succ}\ n & \to & n+1 \\
\mathrm{pred}\ 0 & \to & 0 \\
\mathrm{pred}\ (n+1) & \to & n \\
Y f & \to & f\,(Y f)
\end{array}$$

Figure 2: Rewrite rules for PCF

substitution that maps each $x_i$ to $N_i$ (simultaneously), and is the identity otherwise. A
special case is $[x := N]$, so that $M[x := N]$ is the result of substituting $N$ for $x$ in $M$.
Sometimes we write $M = M(\vec x)$, with the intent that $M(\vec N) = M[\vec x := \vec N]$.

A context C[-] is a term with some "holes". C[M] denotes the result of putting M 
into the holes of C[-], which may cause free variables of M to become bound. We say 
C[-] is a program context for M if C[M] is a closed term of ground type. 

The interpreter of the language is defined via a rewrite system; any set of $\delta$-rules,
together with the classical rule $(\beta)$, induces the one-step reduction relation $\to$. The
relation $\twoheadrightarrow$ is the reflexive transitive closure of $\to$. Figure 2 gives the $\delta$-rules for PCF.



B Simply Typed Models 

Here we develop the general framework for function-based models of simply typed λ-calculi.

A type frame $\{[\![\sigma]\!]\}$ is a collection of sets indexed by type such that $[\![\sigma \to \tau]\!]$ is a set of
functions from $[\![\sigma]\!]$ to $[\![\tau]\!]$. The sets $[\![\sigma]\!]$ are called domains, and the elements of each $[\![\sigma]\!]$
are called meanings or values of type $\sigma$.

Since our discussion focuses on issues of adequacy and full abstraction, we also require
the following:

• there is a partial order $\sqsubseteq_\sigma$ associated with each domain $[\![\sigma]\!]$;

• the functions of $[\![\sigma \to \tau]\!]$ are monotone with respect to the orderings $\sqsubseteq_\sigma$ and $\sqsubseteq_\tau$;

• and the relation $\sqsubseteq_{\sigma \to \tau}$ refines the pointwise relation on functions $f, g \in [\![\sigma \to \tau]\!]$,
i.e.

$$f \sqsubseteq_{\sigma \to \tau} g \ \text{ implies } \ f(d) \sqsubseteq_\tau g(d) \ \text{ for all } d \in [\![\sigma]\!].$$

The last two conditions say that function application is monotone in both arguments;
this implies that models, defined below, are compositional.

An environment is a type-respecting mapping from variables to values. If $\rho$ is an
environment, then the environment $\rho[x := d]$ is $\rho$ with the value of $x$ updated to $d$:

$$\rho[x := d](y) = \begin{cases} d & \text{if } y = x; \\ \rho(y) & \text{otherwise.} \end{cases}$$

An interpretation is a type-respecting mapping from constants to values. For a given
type frame $\{[\![\sigma]\!]\}$ and interpretation $\mathcal I$ we can try to define a model, $[\![\cdot]\!]$, that is a mapping
from each term to a meaning with respect to an environment, satisfying the following
conditions:

$$\begin{array}{rcll}
[\![\delta]\!]\rho & = & \mathcal I(\delta) & (1) \\
[\![x]\!]\rho & = & \rho(x) & (2) \\
[\![MN]\!]\rho & = & ([\![M]\!]\rho)([\![N]\!]\rho) & (3) \\
([\![\lambda x M]\!]\rho)(d) & = & [\![M]\!]\rho[x := d] & (4)
\end{array}$$

Implicit in condition (4) is the requirement that the function defined to be $([\![\lambda x M]\!]\rho)$
must be an element of the type frame. In other words, a model is a type frame that is
closed under lambda-definability. Such closure certainly does not hold for all type frames
(cf. [25]).

The meaning of a closed term is the same in any environment:

$$[\![M]\!]\rho = [\![M]\!]\rho'$$

for all closed $M$ and arbitrary $\rho, \rho'$. Therefore we sometimes write $[\![M]\!]$ for the meaning
of a closed term $M$, omitting the environment.

Continuity 

We give the standard definitions for cpo's and continuous functions, then define the cpo
model of PCF.

A partial order or poset is a set $D$ together with a binary relation $\sqsubseteq$ that is reflexive,
transitive, and anti-symmetric. We will refer to the partial order $(D, \sqsubseteq)$ as just $D$. A
subset $X \subseteq D$ is directed if every finite subset of $X$ has an upper bound in $X$. A partial
order $D$ is a complete partial order or cpo if it has a least element $\bot_D$ and every directed
subset $X \subseteq D$ has a least upper bound $\bigsqcup X$. We omit the subscript $D$ in $\bot_D$ when it can
be recovered from context. For any set $A$ we define the cpo $A_\bot$, with elements $A \cup \{\bot_A\}$,
ordered $x \sqsubseteq y$ iff $x = y$ or $x = \bot_A$.

A function $f : D \to E$ between posets is monotone if $f(x) \sqsubseteq_E f(y)$ whenever $x \sqsubseteq_D y$.
We say $f$ is continuous if it is monotone and $f(\bigsqcup X) = \bigsqcup f(X)$ for every directed $X \subseteq D$.

The set $D \to_c E$ of continuous functions from cpo $D$ to cpo $E$ is a cpo under the
pointwise order $\sqsubseteq_p$, defined as follows:

$$f \sqsubseteq_p g \ \text{ iff } \ f(x) \sqsubseteq_E g(x) \ \text{ for all } x \in D.$$

If $D$ is a cpo and $f : D \to D$ is continuous, then $f$ has a least fixed point $fix(f)$. The
function $fix$ itself is continuous, which will allow us to interpret the recursion operator $Y$.

Now we define the cpo model $\mathcal C[\![\cdot]\!]$ of PCF, based on continuous functions and cpo's.
First we construct a type frame with ground domains $\mathcal C[\![o]\!] = \{tt, ff\}_\bot$ and $\mathcal C[\![\iota]\!] =
\{0, 1, 2, \ldots\}_\bot$, and higher-order domains $\mathcal C[\![\sigma \to \tau]\!] = \mathcal C[\![\sigma]\!] \to_c \mathcal C[\![\tau]\!]$. The cpo model
of PCF is then the model $\mathcal C[\![\cdot]\!]$ associated with $\{\mathcal C[\![\sigma]\!]\}$ and the standard interpretation:
the ground constants are interpreted in the obvious way; the constants $Y_\sigma$ are interpreted
as least fixed-point operators; and the interpretation of the remaining function constants
is determined by the condition that the rewrite rules of Figure 2 be valid as equations.

Theorem 32 (Plotkin [30], Sazonov [31]) The cpo model $\mathcal C[\![\cdot]\!]$ is adequate but not fully
abstract for PCF.

Stability 

If $D$ is a partial order and $X \subseteq D$, then $X$ is bounded or consistent if there is an element
$y \in D$ such that $x \sqsubseteq y$ for all $x \in X$. If elements $x$ and $y$ are consistent we will write
$x \uparrow y$. We say $D$ is bounded complete if every bounded subset $X \subseteq D$ has a least upper
bound $\bigsqcup X$.

An element $a \in D$ is compact if, for every directed $X \subseteq D$ with $a \sqsubseteq \bigsqcup X$, there is
some $x \in X$ such that $a \sqsubseteq x$. We define $\mathcal K D$, the kernel of $D$, to be the set of compact
elements of $D$. The cpo $D$ is algebraic if, for every $x \in D$, the set $\downarrow\! x = \{\, a \in \mathcal K D \mid a \sqsubseteq x \,\}$
is directed and $\bigsqcup \downarrow\! x = x$.

The greatest lower bound of a set $X$ is denoted $\sqcap X$. A cpo is distributive if $x \sqcap (y \sqcup z) =
(x \sqcap y) \sqcup (x \sqcap z)$ whenever $y$ and $z$ are consistent. An algebraic cpo $D$ has property I if
$\downarrow\! a$ is finite for each $a \in \mathcal K D$. A dI-domain is a distributive, bounded complete cpo that
has property I.

A continuous function $f$ between dI-domains is stable if whenever $x \uparrow y$, we have that
$f(x \sqcap y) = f(x) \sqcap f(y)$. We let $D \to_s E$ be the set of stable functions between dI-domains
$D$ and $E$. As noted in [5], $D \to_s E$ ordered pointwise is not a dI-domain; accordingly we
define the stable ordering $\sqsubseteq_s$:

$$f \sqsubseteq_s g \ \text{ iff } \ f(x) = f(y) \sqcap g(x) \ \text{ whenever } x \sqsubseteq y.$$
Figure 3: Boolean functions

If $D$ and $E$ are dI-domains, then $D \to_s E$ is a dI-domain under the stable order.

It must be noted that the stable order is quite different from the pointwise order. For
instance, consider the monotone Boolean functions, listed in Figure 3. These functions
are both continuous and stable, and so they are elements of both the continuous and
stable type frames. However, the stable ordering of $o \to o$ (Figure 5) is different from its
pointwise ordering (Figure 4). In particular, consider $True$, the constant $tt$ function, and
$True!$, the strict constant $tt$ function. Although $True! \sqsubseteq_p True$, we have $True! \not\sqsubseteq_s True$,
since $\bot \sqsubseteq tt$ but

$$True!(\bot) = \bot \neq tt = True!(tt) \sqcap True(\bot).$$

(It is this that permits the existence of the function $truesep$ that was needed in Corollary 15.)
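As an added example (not part of the paper), the script below enumerates the monotone functions $o \to o$ over the flat Boolean domain and computes both the pointwise and the stable order from the definitions above, so that the separation of $True!$ from $True$ can be checked mechanically rather than read off a figure. It assumes the flat domain is written with the string `'bot'` for $\bot$, and the names `monotone_functions`, `compare_orders` and `true_strict_witness` are its own.

```python
# Added example (not from the paper): the pointwise and stable orders on the
# monotone functions o -> o over the flat Boolean domain, checked by enumeration.
# Assumption: 'bot' stands for the undefined element; in a flat domain the only
# consistent pairs are (bot, x) and (x, x).
from itertools import product

BOT, TT, FF = 'bot', 'tt', 'ff'
O = (BOT, TT, FF)           # the flat domain o = {tt, ff}_bot

def leq(x, y):
    """The flat order: bot is below everything, tt and ff are incomparable."""
    return x == BOT or x == y

def glb(x, y):
    """Greatest lower bound x ⊓ y in the flat domain."""
    return x if x == y else BOT

def consistent(x, y):
    """x ↑ y: the pair has an upper bound."""
    return x == BOT or y == BOT or x == y

def monotone(f):
    return all(leq(f[x], f[y]) for x in O for y in O if leq(x, y))

def stable(f):
    """Berry's condition: f(x ⊓ y) = f(x) ⊓ f(y) whenever x ↑ y."""
    return all(f[glb(x, y)] == glb(f[x], f[y]) for x in O for y in O if consistent(x, y))

def pointwise_leq(f, g):
    """f ⊑_p g iff f(x) ⊑ g(x) for all x."""
    return all(leq(f[x], g[x]) for x in O)

def stable_leq(f, g):
    """f ⊑_s g iff f(x) = f(y) ⊓ g(x) whenever x ⊑ y."""
    return all(f[x] == glb(f[y], g[x]) for x in O for y in O if leq(x, y))

def monotone_functions():
    """All monotone f : o -> o, each as a table from argument to value."""
    tables = (dict(zip(O, values)) for values in product(O, repeat=3))
    return [f for f in tables if monotone(f)]

TRUE = {BOT: TT, TT: TT, FF: TT}            # the constant tt function
TRUE_STRICT = {BOT: BOT, TT: TT, FF: TT}    # True!, the strict constant tt function

def compare_orders():
    """The monotone functions and the two orders on them, as sets of index
    pairs (i, j) meaning fs[i] is below fs[j]."""
    fs = monotone_functions()
    pairs = [(i, j) for i in range(len(fs)) for j in range(len(fs))]
    pw = {(i, j) for i, j in pairs if pointwise_leq(fs[i], fs[j])}
    st = {(i, j) for i, j in pairs if stable_leq(fs[i], fs[j])}
    return fs, pw, st

def true_strict_witness():
    """The two sides of the inequality separating True! from True in the stable
    order: (True!(bot), True!(tt) ⊓ True(bot))."""
    return TRUE_STRICT[BOT], glb(TRUE_STRICT[TT], TRUE[BOT])

if __name__ == '__main__':
    fs, pw, st = compare_orders()
    print(len(fs), 'monotone functions;', len(pw), 'pointwise pairs;', len(st), 'stable pairs')
    print('True! below True pointwise:', pointwise_leq(TRUE_STRICT, TRUE),
          '; stably:', stable_leq(TRUE_STRICT, TRUE))
```

Every monotone function on a flat domain passes the stability test, which is why the same eleven functions live in both type frames; the stable order is a strict subset of the pointwise order, and the pair $(True!, True)$ is one of the pairs it loses.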

Nevertheless, a stable model $\mathcal S[\![\cdot]\!]$ of PCF, based on dI-domains and stable functions,
can be defined in much the same way as the cpo model. The ground domains $\mathcal S[\![o]\!]$ and
$\mathcal S[\![\iota]\!]$ of the stable type frame are identical to the ground domains of the cpo model. At
higher types, however, we use stable functions: $\mathcal S[\![\sigma \to \tau]\!] = \mathcal S[\![\sigma]\!] \to_s \mathcal S[\![\tau]\!]$. Then we
let $\mathcal S[\![\cdot]\!]$ be the model associated with the stable type frame and the (stable) standard
interpretation (cf. the interpretation of the cpo model).

Theorem 33 (Berry [5]) The stable model $\mathcal S[\![\cdot]\!]$ is adequate but not fully abstract for
PCF.
C Standard reductions in PCF-like rewrite systems

C.1 Preliminaries

This appendix gives a full definition of standard reductions and proof of the Standardization
Theorem. In this section we sketch out some of the basic terminology of rewriting
systems. Section C.2 introduces descendants, which allow us to trace subterms from step
to step in a reduction. In Section C.3 we show that a very weak form of confluence
holds for PCF-like systems; this property will be essential in proving the Standardization
Theorem. Section C.4 introduces labelled rewrite systems, and proves that they are
strongly normalizing. The labelled systems will be used in the proof of Standardization.
The standard reductions are defined in Section C.5, and Standardization is proved in
Section C.6. The proof is a variation of Klop's proof for the pure λ-calculus [23], and
involves a rewriting system on reductions. The system successively rewrites non-standard
reduction paths to "more standard" paths; Standardization is proved by showing that
the system is strongly normalizing, and that normal forms are standard reductions.

Our presentation of the machinery used to state and prove Standardization is necessarily
brief. Much of the material is covered in more depth in standard references [3, 23].
Throughout we will work with a PCF-like rewrite system given by a language, $\mathcal L$, and
set, $\Theta$, of linear ground $\delta$-rules.

We assume that the reader is familiar with the following terminology. The notation
$M \subseteq N$ denotes that $M$ is a subterm of $N$. A subterm may appear several times in
a term; multiple occurrences of a subterm can be distinguished by their paths, which
specify the exact position of a subterm inside the term. When we speak of a subterm
$M \subseteq N$ we implicitly mean a particular occurrence of $M$ in $N$; the disambiguating paths
are omitted.

Note that $M \to N$ iff there is an instance $\Delta \to \Delta'$ of a rule $\pi$ such that $\Delta \subseteq M$, and
$N$ is obtained from $M$ by replacing $\Delta$ with $\Delta'$. We will write $M \to_\pi N$ in this case, and
we call $\Delta$ a $(\pi)$-redex and $\Delta'$ its $(\pi)$-contractum.

A reduction (path) $\sigma$ is a sequence

$$\sigma : M_1 \xrightarrow[\pi_1]{\Delta_1} M_2 \xrightarrow[\pi_2]{\Delta_2} M_3 \xrightarrow[\pi_3]{\Delta_3} \cdots$$

We will use $\sigma, \tau, \ldots$ to refer to reduction paths. Two reductions are coinitial if they
start in the same term, and cofinal if they end in the same term.

C.2 Descendants 

Consider some possible effects of a reduction $M \to N$ on a subterm $\Delta \subseteq M$:

• $\Delta$ could be erased, as in $(\lambda x.y)\Delta \to y$.

• $\Delta$ could be copied to some instances in $N$, as in $(\lambda x.\delta x x)\Delta \to \delta\Delta\Delta$.

• $\Delta$ could be left untouched and in its original position, as in $\Delta((\lambda x.x)y) \to \Delta y$.

• The contracted redex might occur within $\Delta$, transforming it into a syntactically
different subterm in the same position.

In order to define and prove standardization, we will need to speak precisely about these
cases, so we introduce descendants, which let us track a subterm throughout a reduction.
We will not define descendants in their full generality, but only for certain subterms of
interest. Our definition is equivalent to the standard definition [23] on those subterms.

Descendants are introduced via an annotated rewrite system derived from $\mathcal L$ and $\Theta$,
in which some $\lambda$'s and $\delta$'s are marked with a $*$. Thus we define the language $\mathcal L^*$, whose
symbols are those of $\mathcal L$, with the addition of $\lambda^*$, and $\delta^{*\sigma}$ for each constant $\delta^\sigma$ of $\mathcal L$. The
terms of $\mathcal L^*$ are defined inductively:

• A constant $\delta^\sigma$ or $\delta^{*\sigma}$ is a term of type $\sigma$.

• A variable $x^\sigma$ is a term of type $\sigma$.

• If $M$ is a term of type $(\sigma \to \tau)$ and $N$ is a term of type $\sigma$, then $(MN)$ is a term of
type $\tau$.

• If $M$ is a term of type $\tau$, then $(\lambda x^\sigma M)$ and $(\lambda^* x^\sigma M)$ are terms of type $(\sigma \to \tau)$.

The erasure $|M| \in \mathcal L$ of $M \in \mathcal L^*$ is obtained from $M$ by leaving out the $*$'s. Substitution
for the language is defined in the obvious way (with $\lambda^*$'s binding variables just as $\lambda$'s).
The rules of the new system include $\beta$ and the rule scheme $\beta^*$:

$$\beta^* : (\lambda^* x M) N \to M[x := N].$$

Similarly, the $\delta$-rules $\Theta^*$ of the system are derived from the rules $\Theta$. If $\theta$ is a rule of $\Theta$,

$$\theta : \delta(\vec c, \vec x) \to P(\vec x),$$

then $\Theta^*$ contains all rules of the form $\theta'$ and $\theta^*$:

$$\theta' : \delta(\vec c\,', \vec x) \to P(\vec x), \qquad \theta^* : \delta^*(\vec c\,', \vec x) \to P(\vec x),$$

where $\vec c\,'$ is any vector of $\mathcal L^*$ ground constants such that $|\vec c\,'| = \vec c$.

There is a strong connection between the systems. Any $\Theta^*$-reduction path $\sigma$,

$$\sigma : M_1 \xrightarrow[\pi_1]{\Delta_1} M_2 \xrightarrow[\pi_2]{\Delta_2} M_3 \xrightarrow[\pi_3]{\Delta_3} \cdots,$$

projects to a $\Theta$-reduction path $|\sigma|$:

$$|\sigma| : |M_1| \xrightarrow[|\pi_1|]{|\Delta_1|} |M_2| \xrightarrow[|\pi_2|]{|\Delta_2|} |M_3| \xrightarrow[|\pi_3|]{|\Delta_3|} \cdots.$$

Conversely, for any $M \in \mathcal L^*$ and $\Theta$-reduction path $\sigma : |M| \to \cdots$, there is a unique lift
of $\sigma$ to a $\Theta^*$-reduction path $\sigma' : M \to \cdots$ such that $\sigma = |\sigma'|$.

We will be interested in tracing subterms of the form $(\lambda x.M_1)M_2$ or $\delta M_1 \cdots M_n$
throughout a reduction; that is, $\beta$-redexes and possible $\delta$-redexes. Accordingly, we introduce
the following terminology. A subterm $(\lambda x.M_1)M_2$ or $\delta M_1 \cdots M_n$ of $M$ is called a
predescendant of $M$. If $\mathcal F$ is a set of predescendants of $M \in \mathcal L$, we write $(M, \mathcal F)$ for the
$\mathcal L^*$ term derived from $M$ by marking the head $\lambda$ or $\delta$ of each predescendant in $\mathcal F$ with
a $*$.

Definition 34 Suppose $\sigma : M \to \cdots \to N$ is a $\Theta$-reduction path.

(i) If $\Delta$ is a predescendant of $M$, its set of descendants in $N$ relative to $\sigma$, written
$(\Delta/\sigma)$, is defined as follows.

Let $M' = (M, \{\Delta\})$ and lift $\sigma$ to $\sigma' : M' \to \cdots \to N'$. If $\Delta = (\lambda x M_1) M_2$ (resp.
$\Delta = \delta M_1 \cdots M_n$), then $(\Delta/\sigma) = \mathcal F$, where $\mathcal F$ is the unique set of subterms of $N$
of the form $(\lambda x M_1') M_2'$ (resp. $\delta M_1' \cdots M_n'$), such that $N' = (N, \mathcal F)$.

(ii) If $\mathcal F$ is a set of predescendants of $M$, its descendants $\mathcal F/\sigma$ are defined

$$\mathcal F/\sigma \stackrel{def}{=} \bigcup \{\, \Delta/\sigma \mid \Delta \in \mathcal F \,\}.$$

(iii) $\Delta \subseteq M$ is an ancestor of $\Delta' \subseteq N$ if $\Delta' \in \Delta/\sigma$.

For a given reduction $M_1 \to M_2 \to M_3 \to \cdots$, we will sometimes speak of descendants
and ancestors for subterms of terms $M_i$ and $M_j$, where $i$ and $j$ are any indices such that
$j > i$. We do not specify the reduction from $M_i$ to $M_j$, as it can be recovered from
context.

Note 35

(i) If $M \xrightarrow{\Delta} N$, then $\Delta$ has no descendants in $N$.

(ii) If $M \xrightarrow{\Delta}_\theta N$, where $\Delta = \delta(\vec c, \vec B)$, then no $c_i$ has a descendant in $N$.

We mention that the following important property holds for our PCF-like systems, since
it does not hold for all rewrite systems [23].

Note 36 If $\Delta \subseteq M$ and $M \to N$, then descendants of $\Delta$ in $N$ are disjoint.

Disjointness of descendants does not extend to $\twoheadrightarrow$, as we indicate here:

$$\begin{array}{rl}
(\lambda y.(\lambda x.yx)y)(\lambda z.\delta^* z) & \to_\beta (\lambda x.(\lambda z.\delta^* z)x)(\lambda z.\delta^* z) \\
 & \to_\beta (\lambda x.\delta^* x)(\lambda z.\delta^* z) \\
 & \to_\beta \delta^*(\lambda z.\delta^* z).
\end{array}$$

Definition 37 Suppose $M_i$ is a term in a reduction $\sigma$,

$$\sigma : M_1 \xrightarrow[\pi_1]{\Delta_1} M_2 \xrightarrow[\pi_2]{\Delta_2} M_3 \xrightarrow[\pi_3]{\Delta_3} \cdots.$$

(i) We say $\Delta \subseteq M_i$ is $(\pi)$-contracted (in $\sigma$) if for some $j \geq i$, $\Delta_j$ is a descendant of $\Delta$
and $\pi_j = \pi$.

(ii) We say $\Delta \subseteq M_i$ is active (in $\sigma$) if there is a $\Delta' \subseteq \Delta$ that is contracted in $\sigma$.

Sometimes it will be useful to specify a set of subterms of some term $M$, and consider
reductions from $M$ in which only those subterms are contracted. Such reductions are
called developments. Because we work with systems in which a subterm can contract by
more than one rule, our definition of developments extends the standard definition by
specifying a rule for each redex contracted in a development.

Definition 38 Suppose the following: $\sigma$ is a reduction from $M$ to $N$; $\mathcal F$ is a set of
subterms of $M$; and $\Pi$ is a mapping that takes each $\Delta \in \mathcal F$ to a rule $\pi_\Delta$.

(i) We call $\sigma$ a development of $\mathcal F$ from $M$ by $\Pi$, written $\sigma : (M, \mathcal F) \twoheadrightarrow N$, if each
redex $\Delta'$ contracted in $\sigma$ is a descendant of some $\Delta \in \mathcal F$, and $\Delta'$ is contracted by
rule $\pi_\Delta$.

(ii) We say a development $\sigma$ is a complete development, written $\sigma : (M, \mathcal F) \twoheadrightarrow_{cpl} N$, if

$$\mathcal F/\sigma = \emptyset.$$

When $\Pi$ is evident from context, we will omit mention of it.

Note 39 If $\mathcal F$ is a set of $n$ disjoint redexes of $M$, then clearly all complete developments
of $\mathcal F$ from $M$ are of length $n$ and are cofinal.

C.3 Properties related to confluence 

Note 39 is a special case of a much stronger theorem, the Finite Developments theorem. 
We will not need to prove the Finite Developments theorem in its full generality; this 
section proves a weaker result that will be sufficient for our application. 

Definition 40 We say two $\delta$-redexes $\Delta_1$ and $\Delta_2$ overlap if either

(i) they share the same head $\delta$, or

(ii) one $\Delta_i$ appears as a critical argument of the other.

Note that in case (ii), the $\Delta_i$ must be a ground constant.

Often, rewrite systems are constrained to avoid overlapping redexes; such systems 
are guaranteed to be confluent. Because we allow overlapping rules, our systems are not 
confluent in general. However, they do satisfy the following much weaker property, which 
will be essential in our proof of standardization. 

Lemma 41 Suppose $\sigma_1 : M \xrightarrow{\Delta_1} M_1$ and $\sigma_2 : M \xrightarrow{\Delta_2} M_2$, where $\Delta_1$ and $\Delta_2$ do not
overlap. Then complete developments of $\Delta_2/\sigma_1$ from $M_1$ and $\Delta_1/\sigma_2$ from $M_2$ are finite
and cofinal.

Proof: For each of the various cases on the relative positions of $\Delta_1$ and $\Delta_2$ in $M$, we find
a term $M_3$ that is the final term of every complete development of $\Delta_1/\sigma_2$ and $\Delta_2/\sigma_1$:

$$M \xrightarrow{\Delta_1} M_1 \xrightarrow{\Delta_2/\sigma_1} M_3, \qquad M \xrightarrow{\Delta_2} M_2 \xrightarrow{\Delta_1/\sigma_2} M_3.$$

1. $\Delta_1$ and $\Delta_2$ are disjoint. Then $M$, $M_1$, and $M_2$ can be written

$$\begin{array}{rcl}
M & = & \cdots \Delta_1 \cdots \Delta_2 \cdots, \\
M_1 & = & \cdots \Delta_1' \cdots \Delta_2 \cdots, \\
M_2 & = & \cdots \Delta_1 \cdots \Delta_2' \cdots,
\end{array}$$

where $\Delta_1'$ and $\Delta_2'$ are the respective contractums of $\Delta_1$ and $\Delta_2$. Now defining

$$M_3 \stackrel{def}{=} \cdots \Delta_1' \cdots \Delta_2' \cdots,$$

we see that the only complete development of $\Delta_2/\sigma_1$ is $M_1 \xrightarrow{\Delta_2} M_3$, and the only
complete development of $\Delta_1/\sigma_2$ is $M_2 \xrightarrow{\Delta_1} M_3$, as desired.

2. $\Delta_1 \subseteq \Delta_2$. Then there is a unique descendant $\Delta_2'$ of $\Delta_2$ in $M_1$, and we consider
three subcases.

(a) $\Delta_2 = (\lambda x. \cdots \Delta_1 \cdots) N$. Then we can write $M$, $M_1$, and $M_2$ as

$$\begin{array}{rcl}
M & = & \cdots ((\lambda x. \cdots \Delta_1 \cdots) N) \cdots, \\
M_1 & = & \cdots ((\lambda x. \cdots \Delta_1' \cdots) N) \cdots, \\
M_2 & = & \cdots ((\cdots \Delta_1 \cdots)[x := N]) \cdots,
\end{array}$$

where $\Delta_1'$ is the contractum of $\Delta_1$, and $\Delta_2' = (\lambda x. \cdots \Delta_1' \cdots) N$. If we take

$$M_3 = \cdots ((\cdots \Delta_1' \cdots)[x := N]) \cdots,$$

then the only complete development of $\Delta_2/\sigma_1$ is $M_1 \xrightarrow{\Delta_2'} M_3$. Furthermore,
substitutivity holds for PCF-like rewrite systems; that is,

$$M \xrightarrow{\Delta} M' \ \text{ implies } \ M[x := N] \xrightarrow{\Delta'} M'[x := N],$$

where $\Delta'$ is $\Delta$ with any free occurrences of $x$ replaced by $N$. Thus the only
complete development of $\Delta_1/\sigma_2$ is $M_2 \to M_3$.

(b) $\Delta_2 = (\lambda x.N)(\cdots \Delta_1 \cdots)$. Then $M$, $M_1$, and $M_2$ can be written

$$\begin{array}{rcl}
M & = & \cdots ((\lambda x.N)(\cdots \Delta_1 \cdots)) \cdots, \\
M_1 & = & \cdots ((\lambda x.N)(\cdots \Delta_1' \cdots)) \cdots, \\
M_2 & = & \cdots (N[x := (\cdots \Delta_1 \cdots)]) \cdots,
\end{array}$$

where $\Delta_1'$ is the contractum of $\Delta_1$, and $\Delta_2' = (\lambda x.N)(\cdots \Delta_1' \cdots)$. Defining

$$M_3 = \cdots (N[x := (\cdots \Delta_1' \cdots)]) \cdots,$$

we see that the only complete development of $\Delta_2/\sigma_1$ is $M_1 \xrightarrow{\Delta_2'} M_3$. Furthermore,
descendants of $\Delta_1$ in $M_2$ are disjoint, and any contraction of them in
turn is a reduction $M_2 \to \cdots \to M_3$.

(c) $\Delta_2 = \delta_\theta(\cdots, \cdots(\cdots \Delta_1 \cdots)\cdots)$. Then we write $M$, $M_1$, and $M_2$ as

$$\begin{array}{rcl}
M & = & \cdots (\delta_\theta(\cdots, \cdots(\cdots \Delta_1 \cdots)\cdots)) \cdots, \\
M_1 & = & \cdots (\delta_\theta(\cdots, \cdots(\cdots \Delta_1' \cdots)\cdots)) \cdots, \\
M_2 & = & \cdots (P_\theta(\cdots(\cdots \Delta_1 \cdots)\cdots)) \cdots,
\end{array}$$

where $\Delta_1'$ is the contractum of $\Delta_1$, and $\Delta_2' = \delta_\theta(\cdots, \cdots(\cdots \Delta_1' \cdots)\cdots)$. Defining

$$M_3 \stackrel{def}{=} \cdots (P_\theta(\cdots(\cdots \Delta_1' \cdots)\cdots)) \cdots,$$

we see that the only complete development of $\Delta_2/\sigma_1$ is $M_1 \xrightarrow{\Delta_2'}_\theta M_3$. And just
as in case 2b, the descendants of $\Delta_1$ in $M_2$ are disjoint, so by contracting them
in turn we find a reduction $M_2 \to \cdots \to M_3$.

3. $\Delta_2 \subseteq \Delta_1$. This case is handled exactly as case 2.



C.4 A labelled $\lambda$-calculus

For any PCF-like rewrite system, there is a corresponding labelled PCF-like system that 
is strongly normalizing. The labelling technique has led to some of the simplest proofs 
for many syntactic properties, and we will use it in our proof of standardization. This 
section introduces labelled calculi and proves that they are strongly normalizing. 

The labelled system is similar to the system that we introduced earlier to define 
descendants. However, the systems are also different in important ways, since they are 
intended for different purposes. In the labelled system, we will mark $\delta$'s with nonnegative integers instead of $*$'s, and we will not need to mark $\lambda$'s. Furthermore, we do not allow unmarked $\delta$'s. The reasons for this will become apparent in what follows.

For any PCF-like language $\mathcal L$, the language $\mathcal L_{\mathbb N}$ is just the PCF-like language with constants $\delta_a^n$ for each constant $\delta_a$ of $\mathcal L$ and each $n \in \mathbb N$.

Notation 42

(i) If $M \in \mathcal L_{\mathbb N}$, then $|M| \in \mathcal L$ is the term derived from $M$ by erasing the labels on the constants.

(ii) If $M \in \mathcal L$, then $M^n \in \mathcal L_{\mathbb N}$ is the term derived from $M$ by labelling each constant with $n$.

The $\delta$-rules $\Theta_{\mathbb N}$ of the labelled calculus are defined as follows. If $\theta$ is a rule of $\Theta$,

$$\theta : \delta(\vec c, \vec x) \to P(\vec x),$$

then $\Theta_{\mathbb N}$ contains all rules of the form $\theta_{\mathbb N}$:

$$\theta_{\mathbb N} : \delta^{n+1}(\vec c\,', \vec x) \to P^n(\vec x),$$

where $\vec c\,'$ is a vector of $\mathcal L_{\mathbb N}$ ground constants such that $|\vec c\,'| = \vec c$. Note that there is no rule for any $\delta^0$.

The projection $|\sigma|$ of a $\Theta_{\mathbb N}$-reduction path $\sigma$ is defined in the obvious way. And any $\Theta$-reduction $\sigma$ can be lifted to a $\Theta_{\mathbb N}$-reduction $\sigma'$ such that $\sigma = |\sigma'|$ (e.g., label each constant in the first term of $\sigma$ by the length of $\sigma$).
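As an added worked example (not from the paper), the two-step PCF reduction $\mathrm{cond}\,(\mathrm{zero?}\,0)\,M\,N \to \mathrm{cond}\,\mathrm{tt}\,M\,N \to M$ used in Section C.5 below is lifted into $\mathcal L_{\mathbb N}$ by the recipe just given; it assumes the two $\Theta$-rules $\mathrm{zero?}(0) \to \mathrm{tt}$ and $\mathrm{cond}(\mathrm{tt}, x, y) \to x$.

```latex
% Added example, not from the paper. Assumed rules of \Theta:
%   zero?(0) -> tt          critical argument: the ground constant 0
%   cond(tt, x, y) -> x     critical argument: the ground constant tt
% Lifting recipe: every constant of the first term is labelled with the
% length of the reduction, here 2.
\mathrm{cond}^2\,(\mathrm{zero?}^2\,0^2)\,M\,N
  \;\longrightarrow\;
\mathrm{cond}^2\,\mathrm{tt}^1\,M\,N
  \;\longrightarrow\;
M
% Step 1 uses the \Theta_N rule  zero?^{2}(0^{2}) -> tt^{1}:
%   n+1 = 2, the critical vector c' = 0^2 satisfies |c'| = 0, and the
%   contractum P^n = tt^1 carries the label n = 1.
% Step 2 uses the \Theta_N rule  cond^{2}(tt^{1}, x, y) -> x:
%   c' = tt^1 satisfies |c'| = tt; P = x contains no constants, so the
%   argument M is returned unchanged.
% Erasing the labels gives back the original \Theta-reduction. Every
% constant created by a step carries a strictly smaller label than the
% constant that fired (n versus n+1), and a constant labelled 0 matches
% no rule at all.
```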

Definition 43 A term $M$ is strongly normalizable (SN) if all reductions starting at $M$ are finite.

Theorem 44 (Strong Normalization) Every $\mathcal L_{\mathbb N}$ term is strongly normalizable.

The rest of this section lays out the proof of strong normalization. We use a straightforward extension of the method of [17].

Definition 45 The notion of strong computability (SC) of a term is defined by induction as follows:

(i) A term of ground type is SC iff it is SN.

(ii) A term $M^{(\sigma\to\tau)}$ is SC iff, for every SC term $N^\sigma$, the term $(MN)^\tau$ is SC.

Note 46 By Definition 45(ii) a term $M$ is SC iff, for all vectors $\vec N$ of SC terms driving $M$ to ground type, the term $M\vec N$ is SC. And by Definition 45(i), such an $M\vec N$ is SC iff it is SN.

Definition 47 An atom is a variable or a constant $\delta^n$ with no rule.

Lemma 48

(i) If $a$ is an atom and $\vec N$ is a vector of SN terms, then the term $a\vec N$ is SC.

(ii) Every SC term $M$ is SN.

Proof: By induction on the type of $a\vec N$ and $M$.

1. Basis: $a\vec N$ and $M$ have ground type.

(i) Since each $N_i$ is SN, $a\vec N$ must be SN, and therefore SC by Definition 45(i).

(ii) By Definition 45(i).

2. Induction: $a\vec N$ and $M$ have type $\sigma \to \tau$.

(i) Let $P^\sigma$ be SC. By the induction hypothesis (ii), $P$ is SN. Then by induction, the term $(a\vec N P)^\tau$ is SC. Therefore so is $a\vec N$ by Definition 45(ii).

(ii) Let $x^\sigma$ be a variable not occurring in $M$. By the induction hypothesis (i), $x$ is SC. Then $(Mx)^\tau$ is SC, and therefore SN by induction. But any subterm of an SN term is SN, so $M$ is SN as well. ■



Lemma 49 If $N$ is SC and $M[x:=N]$ is SC, then so is $(\lambda x.M)N$.

Proof: Let $\vec P = P_1, \ldots, P_n$ be a vector of SC terms driving $M$ to ground type. Since $M[x:=N]$ is SC, the term

$$(M[x:=N])\vec P \tag{5}$$

is SN by Note 46. The lemma follows from Note 46 if we can prove that

$$(\lambda x.M)N\vec P \tag{6}$$

is SN.

Now since (5) is SN, all of its subterms are SN, including $M[x:=N]$ and $\vec P$. Furthermore, by hypothesis and the preceding lemma, $N$ is SN. Therefore an infinite reduction from (6) cannot consist entirely of contractions in $M$, $N$, $P_1, \ldots, P_n$. So an infinite reduction of (6) must have the form

$$
\begin{aligned}
(\lambda x.M)N P_1 \cdots P_n &\twoheadrightarrow (\lambda x.M')N' P'_1 \cdots P'_n \\
&\to M'[x:=N'] P'_1 \cdots P'_n \\
&\twoheadrightarrow \cdots
\end{aligned}
$$

(where $M \twoheadrightarrow M'$, etc.). From the reductions $M \twoheadrightarrow M'$ and $N \twoheadrightarrow N'$ we have

$$M[x:=N] \twoheadrightarrow M'[x:=N'].$$

Then we can construct an infinite reduction from (5) as follows:

$$
\begin{aligned}
M[x:=N] P_1 \cdots P_n &\twoheadrightarrow M'[x:=N'] P'_1 \cdots P'_n \\
&\twoheadrightarrow \cdots
\end{aligned}
$$

But this contradicts the fact that (5) is SN. Therefore there is no infinite reduction from (6); it must be SN. ■

Lemma 50 Consider a constant $\delta$ and a vector $\vec N$ of SC terms driving $\delta$ to ground type. If for each rule $\theta$ on $\delta$,

$$\theta : \delta_\theta(\vec c, \vec x) \to P_\theta(\vec x),$$

where $\delta\vec N = \delta_\theta(\vec N_1, \vec N_2)\vec N_3$, we have that

$$P_\theta(\vec N_2)\vec N_3 \tag{7}$$

is SC, then $\delta\vec N$ is SC.

Proof: We must show that $\delta\vec N$ is SN. Since the $\vec N$ are SC, by Lemma 48 they are SN. Therefore any infinite reduction from $\delta\vec N$ must look like

$$
\begin{aligned}
\delta_\theta(\vec N_1, \vec N_2)\vec N_3 &\twoheadrightarrow \delta_\theta(\vec c, \vec N'_2)\vec N'_3 \\
&\to P_\theta(\vec N'_2)\vec N'_3 \\
&\twoheadrightarrow \cdots
\end{aligned}
$$

where $\vec N_1 \twoheadrightarrow \vec c$, $\vec N_2 \twoheadrightarrow \vec N'_2$, etc. But then we can construct an infinite reduction from (7) as follows:

$$
\begin{aligned}
P_\theta(\vec N_2)\vec N_3 &\twoheadrightarrow P_\theta(\vec N'_2)\vec N'_3 \\
&\twoheadrightarrow \cdots
\end{aligned}
$$

But as (7) is SC, by Lemma 48 it is SN, a contradiction. Therefore $\delta\vec N$ is SN. ■

Lemma 51 For any term $M$ and substitution $\rho = [\vec x := \vec N]$, where each $N_i$ is SC, the term $M\rho$ is SC.

Proof: The proof is by induction on the lexicographic ordering of $(m, M)$, where $m$ is the maximum $\delta$-index appearing in $M$.

1. $M$ is a variable $x_i$. Then $M\rho$ is $N_i$ and the result follows.

2. $M$ is an atom distinct from $x_1, \ldots, x_n$. Then $M\rho = M$, which is SC by Lemma 48. Note that this includes all constants $\delta^0$.

3. $M = \delta^{m+1}$. Then $M\rho = \delta^{m+1}$. Thus it is sufficient to show that for any vector $\vec N'$ of SC terms driving $\delta^{m+1}$ to ground type, the term $\delta^{m+1}\vec N'$ is SC.

Consider any rule $\theta$ on $\delta^{m+1}$:

$$\theta : \delta^{m+1}(\vec c, \vec x) \to P(\vec x).$$

By construction of the labelled calculus, no constants in $P$ are labelled with an index greater than $m$. Thus we can apply the induction hypothesis to $P$.

If we rewrite $\delta^{m+1}\vec N'$ as $\delta^{m+1}(\vec N_1, \vec N_2)\vec N_3$, by induction $P(\vec N_2)$ is SC. Then by the definition of SC, the term $P(\vec N_2)\vec N_3$ is SC. Therefore by Lemma 50, $\delta^{m+1}\vec N'$ is SC.

4. $M = \lambda y^\sigma.M_1$. Then $M\rho = \lambda y.(M_1\rho)$, neglecting changes in bound variables.

To show that $M\rho$ is SC we must show that for all SC terms $N^\sigma$, the term $(M\rho)N$ is SC. But $(M\rho)N = (\lambda y.(M_1\rho))N$, and

$$(M_1\rho)[y:=N] = M_1[x_1:=N_1]\cdots[x_n:=N_n][y:=N],$$

which is SC by induction. Therefore $(\lambda y.(M_1\rho))N$ is SC by Lemma 49.

5. $M = M_1M_2$. Then $M\rho = (M_1\rho)(M_2\rho)$, and $M_1\rho$ and $M_2\rho$ are SC by induction. Therefore $M\rho$ is SC by Definition 45(ii). ■

Proof of Theorem 44 (Strong Normalization): By Lemma 51, every term $M$ is SC (just let $\vec x$ be empty). Then by Lemma 48, $M$ is strongly normalizing. ■

C.5 Standard Reductions

Our definition of standard reductions is similar to that of [19], with a few important dif- 
ferences. The "linear ground" restriction imposed on our systems gives us a particularly 
simple class of rewrite rules, and this simplicity carries over to the definition of standard 
reductions. On the other hand, the systems of [19] do not include $\lambda$-abstraction, and
forbid overlapping rewrite rules, which we allow. 

Overlapping rules do not add much complication to the definition of standard reduc- 
tions, but they are more of an obstacle in the proof of standardization. Overlapping 
systems are not confluent in general, so we cannot use confluence and related properties 
in our proof. This is offset by the fact that we consider only typed systems. 

The standard reductions of [19] are based on "outside-in" reductions. Informally, 
outside-in reductions are reductions in which no subterm of a term reduces before the term 
itself contracts, unless the subterm reduces outside-in and contributes towards making 
the term a redex. For example, consider the PCF reduction

$$\mathrm{cond}\,(\mathrm{zero?}\,0)\,M\,N \to \mathrm{cond}\,\mathrm{tt}\,M\,N \to M.$$

The reduction is standard, even though the term $\mathrm{cond}\,(\mathrm{zero?}\,0)\,M\,N$ contracts after its subterm $(\mathrm{zero?}\,0)$, because it is the contraction of $(\mathrm{zero?}\,0)$ that turns the cond term into a redex.

There is a natural way of testing whether or not a reduction is outside-in: first, 
identify "outermost" subterms that contract; each of these identifies subterms that must 
reduce before the outer subterm itself contracts. By iterating the process, we can identify 
a subterm or subterms that must reduce before any others, if the reduction is to be 
outside-in. This idea is the basis of our definition of standard reductions. 

For each term in a reduction, we identify a principal redex, and call a reduction standard if the redex contracted at each step is the principal redex. For the pure $\lambda$-calculus, the principal redex for some $M_i$ will simply be the leftmost redex of $M_i$ contracted in the reduction.

For systems with constants, we must allow reductions to take place in the critical arguments of some $\delta$-terms. To find the principal redex, then, we start by considering the leftmost contracted subterm; if it is a $\delta$-term, we then consider critical arguments in which contractions take place, etc. Eventually, consideration of these preprincipal subterms leads to the principal redex.

Definition 52 Let $M_i$ be a term in a reduction path $\sigma$,

$$\sigma : M_1 \xrightarrow{\Delta_1} M_2 \xrightarrow{\Delta_2} M_3 \xrightarrow{\Delta_3} \cdots.$$

A contracted subterm $\Delta$ of $M_i$ is preprincipal in $\sigma$ if

(i) $\Delta$ is the leftmost subterm of $M_i$ contracted in $\sigma$; or

(ii) there is a subterm $\Delta'$ of $M_i$ such that:

• $\Delta'$ is $\theta$-contracted in $\sigma$;

• $\Delta'$ is of the form $\delta_\theta(\vec A, \vec B)$, where the leftmost active critical argument, $A_k$, is of the form $\Delta\vec N$; and

• $\Delta'$ is preprincipal in $\sigma$.

We write $\mathrm{pp}_\sigma(\Delta)$ if $\Delta$ is preprincipal in $\sigma$.

This next lemma is essential in showing an important property of the preprincipal subterms: they are linearly ordered by $\subset$ (see the following note):

Lemma 53 Let $M_i$ be a term in a reduction path $\sigma$,

$$\sigma : M_1 \xrightarrow{\Delta_1} M_2 \xrightarrow{\Delta_2} M_3 \xrightarrow{\Delta_3} \cdots,$$

and let $\Delta$ be a preprincipal subterm of $M_i$. If $\Delta \neq \Delta_i$, then $\Delta$ has a unique, preprincipal descendant $\Delta' \subset M_{i+1}$.

Proof: By induction on how $\mathrm{pp}_\sigma(\Delta)$.

(i) $\mathrm{pp}_\sigma(\Delta)$ because $\Delta$ is the leftmost contracted subterm of $M_i$. Then clearly $\Delta$ has some unique descendant $\Delta'$ in $M_{i+1}$. Furthermore $\Delta'$ is the leftmost contracted subterm of $M_{i+1}$, as the contraction of $\Delta_i$ can only introduce terms to the right of $\Delta'$. Thus $\mathrm{pp}_\sigma(\Delta')$.

(ii) $\mathrm{pp}_\sigma(\Delta)$ because $M_i$ contains a preprincipal, $\theta$-contracted subterm, $\delta_\theta(\vec A, \vec B)$, whose leftmost active critical argument, $A_k$, is of the form $\Delta\vec N$.

Now $\Delta_i \neq \delta_\theta(\vec A, \vec B)$, else by Note 35(ii), $\Delta$ would have no descendant in $M_{i+1}$, contradicting the fact that it is contracted in $\sigma$.

So by induction, $\delta_\theta(\vec A, \vec B)$ has a unique, preprincipal descendant, which must be of the form $\delta_\theta(\vec A', \vec B')$. But then $A'_k = \Delta'\vec N'$, where $\Delta'$ is the unique descendant of $\Delta$, and furthermore $\mathrm{pp}_\sigma(\Delta')$. ■

Note 54

(i) By Lemma 53, every preprincipal subterm contracts exactly once in $\sigma$. Thus the $\theta$ and $A_k$ of Definition 52(ii) are unique.

(ii) By (i), we conclude that if $\Delta_1$ and $\Delta_2$ are distinct, preprincipal subterms of $M_i$, then either $\Delta_1 \subset \Delta_2$ or $\Delta_2 \subset \Delta_1$.

Definition 55 Suppose $\sigma$ is a reduction path,

$$\sigma : M_1 \xrightarrow{\Delta_1} M_2 \xrightarrow{\Delta_2} M_3 \xrightarrow{\Delta_3} \cdots.$$

(i) We define the principal redex $\mathrm{pr}_\sigma(M_i)$ to be the innermost preprincipal subterm of $M_i$. By Note 54(ii), this is well defined.

(ii) We say $\sigma$ is a standard reduction if for all $i$, $\Delta_i = \mathrm{pr}_\sigma(M_i)$.

The following theorem is the main result of this appendix. 

Theorem 56 (Standardization) If M -» N is a finite reduction in a PCF-like rewrite 
system, then there is a standard reduction from M to N . 

C.6 Path-reduction 

This section gives our proof of Standardization. It is based on a proof in [23] for the pure $\lambda$-calculus, which introduced a sort of meta-reduction: a reduction relation on reduction paths. This path-reduction rewrites non-standard reductions into "more standard" reductions. The following results motivate the definition of path-reduction.

Lemma 57 Let $\sigma$ be a reduction path,

$$\sigma : M_1 \xrightarrow{\Delta_1} M_2 \xrightarrow{\Delta_2} M_3 \xrightarrow{\Delta_3} \cdots,$$

and let $\Delta = \mathrm{pr}_\sigma(M_i)$. If $\Delta_i \neq \Delta$, then $\Delta$ has a unique descendant $\Delta' \subset M_{i+1}$, and $\Delta' = \mathrm{pr}_\sigma(M_{i+1})$.

Proof: Lemma 53 proves uniqueness. To show $\Delta' = \mathrm{pr}_\sigma(M_{i+1})$, by the definition of $\mathrm{pr}_\sigma$ and Lemma 53 it suffices to note the following: if $\Delta_1 \subset \Delta_2 \subset M$ have unique descendants $\Delta'_1, \Delta'_2 \subset M'$, where $M \to M'$, then $\Delta'_1 \subset \Delta'_2$. ■

Corollary 58 Suppose $\sigma$ is a reduction path,

$$\sigma : M_1 \xrightarrow{\Delta_1} M_2 \xrightarrow{\Delta_2} \cdots \xrightarrow{\Delta_{n-1}} M_n.$$

Then $\sigma$ is standard iff there is no $j$ such that $\Delta_j$ is the descendant of $\mathrm{pr}_\sigma(M_{j-1})$.

The corollary suggests a possible way to transform a non-standard reduction into a 
standard reduction: successively "swap" the contraction of a principal redex with the 
contraction of a non-principal redex at the previous step. If we reach a reduction in 
which each principal redex contracts as soon as it becomes principal, we will have found 
a standard reduction. 
Definition 59 Suppose $\sigma$ is a non-standard reduction, that is, there is some $j$ such that

$$\sigma : \cdots \to M_{j-1} \xrightarrow{\Delta_{j-1}} M_j \xrightarrow{\Delta_j} M_{j+1} \to \cdots$$

where $\Delta_j$ is the descendant of $\Delta' = \mathrm{pr}_\sigma(M_{j-1})$. The subpath

$$M_{j-1} \xrightarrow{\Delta_{j-1}} M_j \xrightarrow{\Delta_j} M_{j+1}$$

is called the path-redex at step $j$. Note that $\Delta'$ and $\Delta_{j-1}$ do not overlap, and furthermore, by Lemma 57, $\Delta_j$ is the unique descendant of $\Delta'$. Therefore by Lemma 41, we can find a sequence

$$M_{j-1} \xrightarrow{\Delta'} M'_j \xrightarrow{\Delta'_{j-1}} \cdots \xrightarrow{\Delta'_{j-1}} M_{j+1},$$

where the $\Delta'_{j-1}$ are the descendants of $\Delta_{j-1}$. Such a sequence is called a path-contractum. Finally, we define path-reduction: $\sigma \xrightarrow[\text{path}]{j} \sigma'$ if $\sigma'$ is obtained from $\sigma$ by replacing the path-redex at step $j$ by a corresponding path-contractum. We will drop the index $j$ when convenient.
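As an added worked example (not from the paper), here is a non-standard reduction in the pure $\lambda$-calculus fragment together with the path-contractum that replaces its path-redex; the names $\Delta_1$, $\Delta_2$ and $\Delta'$ are those of Definition 59 with $j = 2$.

```latex
% Added example, not from the paper. A non-standard reduction \sigma that
% contracts the inner redex of (\lambda x.x)((\lambda y.y)z) first:
\sigma :\quad
(\lambda x.x)((\lambda y.y)z)
  \;\xrightarrow{\;\Delta_1 = (\lambda y.y)z\;}\;
(\lambda x.x)z
  \;\xrightarrow{\;\Delta_2 = (\lambda x.x)z\;}\;
z
% In M_1 = (\lambda x.x)((\lambda y.y)z) the leftmost subterm contracted
% in \sigma is the outer redex (its descendant \Delta_2 is contracted at
% step 2), so it is preprincipal; the inner redex \Delta_1 is neither
% leftmost nor inside a critical argument of a \delta-term, so it is not.
% Hence \Delta' = pr_\sigma(M_1) = (\lambda x.x)((\lambda y.y)z) \neq \Delta_1,
% and \Delta_2 is the descendant of \Delta': the path-redex is at step j = 2.
%
% Path-contractum (Lemma 41 applied to \Delta' and \Delta_1): contract
% \Delta' first, then the unique descendant \Delta'_1 of \Delta_1 in M'_2:
\sigma' :\quad
(\lambda x.x)((\lambda y.y)z)
  \;\xrightarrow{\;\Delta'\;}\;
(\lambda y.y)z
  \;\xrightarrow{\;\Delta'_1 = (\lambda y.y)z\;}\;
z
% \sigma' is standard: pr_{\sigma'}(M_1) = \Delta' is contracted at step 1
% and pr_{\sigma'}((\lambda y.y)z) = (\lambda y.y)z at step 2, so by
% Corollary 58 no further path-redex exists and \sigma' is a path-reduction
% normal form with the same initial and final terms as \sigma.
```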

Clearly, path-reduction preserves initial and final terms, and any path-reduction nor- 
mal form is a standard reduction. Moreover, the next two lemmas show that path- 
reduction is strongly normalizing. 

Lemma 60 Suppose $\sigma \xrightarrow[\text{path}]{j} \sigma'$, where

$$\sigma : M_1 \to \cdots \to M_{j-1} \to M_j \to M_{j+1} \to \cdots, \qquad \sigma' : M_1 \to \cdots \to M_{j-1} \to \cdots \to M_{j+1} \to \cdots.$$

Then for $i \neq j$, the following hold:

(i) If $\Delta \subset M_i$ is not contracted in $\sigma$, then it is not contracted in $\sigma'$.

(ii) If $\Delta \subset M_i$ is contracted in $\sigma$ and $\mathrm{pp}_\sigma(\Delta)$, then $\Delta$ is contracted in $\sigma'$.

(iii) If $\Delta \subset M_i$ is preprincipal in $\sigma$, then it is preprincipal in $\sigma'$.

(iv) $\mathrm{pr}_\sigma(M_i) = \mathrm{pr}_{\sigma'}(M_i)$.

Proof:

(i) Just note that path-reduction only permutes the order of contraction of subterms; it does not introduce new contractions.
(ii) It is clear that if $\Delta$ contracts in $\sigma$ and does not contract in $\sigma'$, then $\Delta$ is either $\Delta_{j-1}$ or one of its ancestors. Thus we only need consider $\Delta_{j-1}$.

If $\Delta_{j-1}$ does not contract in $\sigma'$, then it must be contained in $\Delta'$. But $\Delta'$ is the principal redex of $M_{j-1}$, that is, the innermost preprincipal subterm of $M_{j-1}$. So if $\Delta_{j-1}$ is not contracted in $\sigma'$, it is not preprincipal in $\sigma$.

(iii) We use induction on how $\mathrm{pp}_\sigma(\Delta)$.

1. $\mathrm{pp}_\sigma(\Delta)$ because $\Delta$ is the leftmost contracted subterm of $M_i$. By (ii), $\Delta$ is contracted in $\sigma'$, and by (i), it is the leftmost contracted subterm of $M_i$ in $\sigma'$. Therefore $\mathrm{pp}_{\sigma'}(\Delta)$.

2. $\mathrm{pp}_\sigma(\Delta)$ because $\mathrm{pp}_\sigma(\delta_\theta(\vec A, \vec B))$, and the leftmost active critical argument, $A_k$, is of the form $\Delta\vec N$. By induction, $\mathrm{pp}_{\sigma'}(\delta_\theta(\vec A, \vec B))$, and by (ii), $\Delta$ is contracted in $\sigma'$. So $A_k$ is active in $\sigma'$, and by (i), it is the leftmost active critical argument. Therefore $\mathrm{pp}_{\sigma'}(\Delta)$.

(iv) This follows from (i), (iii), and the definition of $\mathrm{pr}_\sigma$. ■



Lemma 61 If $\sigma$ is a finite reduction, then there is no infinite path-reduction starting from $\sigma$.

Proof: Consider a path-reduction

$$\sigma = \sigma_1 \xrightarrow[\text{path}]{} \sigma_2 \xrightarrow[\text{path}]{} \sigma_3 \xrightarrow[\text{path}]{} \cdots.$$

It is not hard to see that the reduction could have been carried out in the labelled system; that is, if $\sigma'_i$ is a labelled reduction such that $|\sigma'_i| = \sigma_i$, and $\sigma_i \xrightarrow[\text{path}]{} \sigma_{i+1}$, then there is a labelled reduction $\sigma'_{i+1}$ such that $|\sigma'_{i+1}| = \sigma_{i+1}$, and $\sigma'_i \xrightarrow[\text{path}]{} \sigma'_{i+1}$. Thus we can find labelled reductions $\sigma'_1, \sigma'_2, \sigma'_3, \ldots$ such that $|\sigma'_i| = \sigma_i$, and

$$\sigma'_1 \xrightarrow[\text{path}]{} \sigma'_2 \xrightarrow[\text{path}]{} \sigma'_3 \xrightarrow[\text{path}]{} \cdots.$$

And because labelled reduction is strongly normalizing, and each $\sigma'_i$ begins with the same $\mathcal L_{\mathbb N}$ term, each $\sigma_i$ is finite.

Furthermore, the path-reduction can be thought of as constructing a tree of terms, with each path from root to leaf corresponding to a reduction $\sigma_i$. Each contracted path-redex introduces a branching in the tree. For example, if $\sigma_i \xrightarrow[\text{path}]{} \sigma_{i+1}$, then the root-to-leaf path corresponding to $\sigma_{i+1}$ is obtained by branching off of the root-to-leaf path of $\sigma_i$ at depth $j-1$. The situation is depicted in the following figure, where the root of the tree is displayed at the left and the leaves are displayed at the right:

$$
\begin{array}{l}
M_1 \to \cdots \to M_{j-1} \xrightarrow{\Delta_{j-1}} M_j \xrightarrow{\Delta_j} M_{j+1} \to \cdots \to M_n : \sigma_i \\[4pt]
\phantom{M_1 \to \cdots \to {}} M_{j-1} \xrightarrow{\Delta'} M'_j \to \cdots \to M_{j+1} \to \cdots \to M_n : \sigma_{i+1}
\end{array}
$$

By Lemma 60(iv), the tree is a binary tree, and we have just seen that there is no infinite path from the root. Then by König's Lemma, the tree is finite, so the number of different reductions given by the tree must be finite. ■

Proof of Theorem 56 (Standardization): If $\sigma : M \twoheadrightarrow N$ is a finite reduction in a PCF-like system, we can obtain a standard reduction from $M$ to $N$ just by finding a path-reduction normal form of $\sigma$. ■

Note that we have not shown that path-reduction normal forms are unique: that is, if

$$\sigma \xrightarrow[\text{path}]{} \cdots \xrightarrow[\text{path}]{} \sigma_1 \qquad\text{and}\qquad \sigma \xrightarrow[\text{path}]{} \cdots \xrightarrow[\text{path}]{} \sigma_2,$$

where $\sigma_1$ and $\sigma_2$ are normal forms, we are not guaranteed that $\sigma_1 = \sigma_2$. We expect that the property holds, but haven't tried to verify that it does, since it is not needed to prove Standardization.